A Software Testing Workflow Analysis Tool Based on the ADCV Method

Abstract

Based on two progressive aspects of the modeling problems in business process management (BPM), (1) in order to address the increasing complexity of user requirements on workflows underlying various BPM application scenarios, a more verifiable fundamental modeling method must be invented; (2) to address the diversification of software testing processes, more formalized advanced modeling technology must also be applied based on the fundamental modeling method. Aiming to address these modeling problems, this paper first proposes an ADCV (acquisition, decomposition, combination, and verification) method that runs through the core management links of four types of business processes (mining, decomposition, recombination, and verification) and then describes the compositional structure of the ADCV method and the design of corresponding algorithms. Then, the software testing workflow is managed and monitored using the method, and the corresponding analysis tool is implemented based on Petri nets. At the same time, the tool is applied to the case processing of the software testing workflow. Specifically, the workflow models are established successively through ADCV during the process of business iteration. Then, the analysis tool developed with the ADCV method, the model–view–controller (MVC) design pattern, and Java Swing technology are applied to instances of the software testing workflow to realize the modeling and management of the testing processes. Thus, the analysis tool can guarantee the accuracy of the parameter estimations of related software reliability growth models (SRGMs) and ultimately improve the quality of software products.

1. Introduction

In the current software operating environment, due to the complexity and diversification of user requirements, as well as the dynamicity of the runtime environment for workflow management systems, increasing importance has been attached to BPM by more and more industries [1]. Business process management is an effective means for enterprises or organizations to achieve their goals [2]. The process model is the research foundation in the field of BPM. It can not only assist in developing information management systems but can also analyze process changes and then improve the processes in question, which is helpful in managing more complex business processes. Therefore, against the background of the increasing complexity of BPM, establishing a reliable process model that can cope with dynamic changes and ensure that business processes can be carried out continuously and effectively is the principal problem in reliability modeling. Traditional process modeling methods are complex, with strong subjectivity, poor accuracy, and low execution efficiency. Moreover, in most cases, they cannot meet the actual needs of current process development. The historical data stored in information systems about process execution provide a valuable source of data for discovering and improving business processes within an organization. Running business processes consists of different activities that form log data.

Usually, the software reliability growth model (SRGM) is used as a basic tool to predict or evaluate the reliability of software products in the software testing stage, and the application of SRGM for reliability analysis is also an effective means in the field of reliability evaluation [3]. With the constant expansion of software system scales, software functions require more frequent interaction among various subsystems, and their reliability is often difficult to predict. Therefore, before the software system is delivered to users, it is necessary to carry out fault detection and fault repair according to a reliable software testing process so as to avoid failure behaviors during the actual operation process.

In this paper, we propose an automated workflow modeling architecture based on the ADCV method for the primary research BPM modeling tool used in software testing. The workflow models are established successively according to the methods of acquisition, decomposition, combination, and verification, which provide reliable model guarantees for software testing processes and, consequently, improve the quality of BPM in software testing. The process logs record the real execution situation of the business process. By mining the logs’ information, the process acquisition component initially establishes a Petri nets model that conforms to the corresponding process log. After the process model is decomposed by the process decomposition component, the sublogs and submodels are generated, and the original Petri nets model is decomposed into several models. According to changes in business requirements, the original business process needs to be recombined, updated, and optimized; then, the process recombination is implemented with the participation of users. Finally, the new model is compared with the original model through the process verification component to determine the reachability and the differences between the places, thus completing the property analysis of the model.

The remainder of this paper is organized as follows: First, we introduce some related work in Section 2, i.e., Petri nets and software testing workflows, the Petri nets model of the fundamental workflow mode, and tool architecture and functions. In Section 3, we discuss business process analysis based on the ADCV method and the corresponding process mining algorithm. Section 4 applies the ADCV method to the modeling of a real software testing process. The last section provides a research overview and the future research direction of this paper.

2. Related Work

2.1. Petri Nets and Software Testing Workflow

Petri nets are often used for modeling, simulation, control, and analysis of automated manufacturing systems [4,5]. The method of workflow modeling based on Petri nets is more and more widely applied in BPM and can provide technologies and means for the structure analysis and performance evaluation of workflow models. With the expansion of software scales, more software failures occur, and the importance of software testing is becoming more prominent. The application of Petri nets in the BPM field of software testing can effectively carry out formal analysis and testing for software, thus reducing the testing cost and improving testing efficiency. However, in the testing stage of software development, SRGM describes the cumulative number of faults detected or repaired during the software testing process based on historical failure data, which plays an important role in the reliability evaluation and safety measurement of the software system [6,7]. Obviously, when the faults in software are continuously eliminated, the software reliability will be improved.

In general, after the software development is completed, we establish the corresponding SRGM from the perspective of software failures in the software testing process or actual delivery and execution to obtain the reliability measurement results of the software [8,9]. However, in order to accurately find the root cause of software failures, we need a high-quality software testing process. Therefore, an accurate analysis of the key factors affecting the SRGM of the tested software in the software testing process is helpful in establishing a more accurate SRGM of the tested software. Through formal Petri nets modeling for the software testing process, we improve the automation of the software testing workflow. Furthermore, we obtain more accurate reliability measurement results of the tested software. Applying SRGM in software testing can not only provide reliable information about the tested software for testers but also help to establish the best software release decision and further improve the software quality.

2.2. Petri Nets Model of the Fundamental Workflow Mode

Workflow separates management from business processes and makes business and BPM independent to realize the automation of BPM. On the basis of Petri nets, Wil van der Aalst proposed the theory of workflow-net (WF-net) by modeling the control flow dimension of a workflow [10]. As a kind of Petri net, WF-net is widely used in workflow system modeling and analysis [11,12,13]. A WF-net begins at the initial place and ends at the termination place, which indicates the running state of a complete business process under the marking. Workflow modeling can be completed by using Petri nets, and the Petri nets models corresponding to the fundamental workflow modes are shown in Figure 1.

Figure 1a–f corresponds to sequential mode, parallel split mode, synchronous mode, exclusive selection mode, simple merge mode, and forced circulation mode, respectively. Among them, Figure 1a,d,f correspond to the sequential model, selective model, and cycle model, respectively, while Figure 1b–e belong to the parallel model. According to the above four basic Petri nets models, we can model and analyze the business process of workflow to optimize the workflow management system and improve the quality of BPM.

2.3. Architecture and Functions of Tool Based on ADCV Method

With the support of WfMS (workflow management system), the advantages of BPM application software, such as high flexibility and maintainability, have been widely accepted by users. Moreover, workflow management software promotes the rapid development of process management concepts such as process recombination and continuous process improvement. In addition, these management concepts also speed up process optimization and improve the quality of process models. The trustworthy workflow management system (TWfMS) [14,15] is an extension of the standard reference model proposed by the workflow management coalition (WfMC) and links the process definition tool to the Petri nets analysis tool to automate the acquisition, decomposition, recombination, and verification of uncertain business process models, as shown in Figure 2.

At the same time, an instance of TWfMS could be established in the high-quality software testing process, which can derive the relative SRGM to reflect the results of software testing. The SRGM plays an important role in the evaluation and analysis of software reliability. With the increasing scale and complexity of software applications, the field of software reliability analysis has become increasingly prominent [16]. The functionality of complex software systems requires frequent interactions and connections between subsystems, and the complexity of the entire system will greatly increase, making its reliability often difficult to predict [17]. Therefore, it is necessary to study the concept of software reliability from the perspective of improving the software service quality.

In Figure 2, interface 1 is linked to the tool of requirement auto-analysis through the process definition tool, which can automatically acquire, decompose, combine, and verify uncertain business processes for requirement analysis. The analysis tool based on Petri nets includes the four core functions of the ADCV method, i.e., acquisition, decomposition, combination, and verification. The specific methods of this paper are described as follows:

• A: Firstly, the process acquisition component generates the corresponding process model by mining the event logs, thus obtaining the structured business process. Here, we adopt a formal method suitable for describing concurrent systems to model, such as Petri nets.
• D: Secondly, the process decomposition component analyzes the established simulation model and extracts the relatively stable subsystem structure, i.e., it can identify and decompose the subprocesses of structured business processes. For example, the obtained model is decomposed into multiple subnets according to the T-invariants of the Petri nets, thus forming multiple nonintersecting subprocesses represented by each subnet.
• C: Thirdly, with the participation of users, it is inevitable that business processes will be recombined due to the changes in requirements, that is, process combination. Generally, the processes involved in the recombination are the subprocesses identified and decomposed in the second stage above, which ensures that the recombined process can better reflect the new requirements.
• V: Finally, the process verification component performs formal verification on the recombined process model to determine whether it meets the new requirements. Regarding the processes that proved to be unable to meet the new requirements after verification, we need to feed back the requirements analysis reports to the first stage, that is, the modeling stage, to participate in the process acquisition again and enter a new round of the iterative cycle of BPM.

3. Business Process Analysis Based on the ADCV Method

3.1. Overview of the ADCV Method

Figure 3 shows the key elements, key technologies, and key steps of the ADCV method. The key elements include the BPMN (business process model and notation) model, WfMS, event log, sublog, subnet, and model, etc.; the key technologies include process mining, process decomposition, process recombination, and process verification, etc.; the key steps include development, discovery, decomposition, comparison, combination, recombination, verification, and design, etc.

In Figure 3, firstly, WfMS development should follow the specifications of the BPMN model; after the BPMN model is converted to the workflow net model, it should satisfy the characteristics of being well-structured and reasonable. The event log is generated from the actual running process of the WfMS; then, the process mining technology is used to discover the model M₁ from the log data, and the M₁ is decomposed to generate the subnet model set M₂. The sublog set is generated by decomposing the logs, and these sublogs are separately discovered to obtain the subnet model set M’₂. Next, we compare the corresponding subnet models in M₂ and M’₂ and recombine the BPMN model with subnet 1, subnet 2 ··· subnet n in terms of the decomposition results reached by the consensus after comparison to generate the model M₃. Finally, the verified model M₄ is submitted to the user, who can redesign the original BPMN model and update the WfMS iteratively.

Figure 4 outlines the detailed modeling relationship of the ADCV method; that is, this paper establishes the workflow model in turn according to this method and continuously carries out the iterative cycle of business process modeling in accordance with user requirements until the generated new model (M₄) is accepted by users. Business process modeling and analysis based on the four major phases of the ADCV method aims to consistently improve the quality of business process management.

3.2. Business Process Acquisition

3.2.1. Log Definition Based on Event Status

The log data recorded by the information system may reside in multiple database tables. The log data information may contain one or more events and provide the corresponding event name, start time, end time, execution status, etc. The same process model can contain multiple process instances, and different process instances may contain different events. We replay the event log on the process model; that is, we convert the event log into a visual process model, and the events in the log are closely related to the tasks in the model. Figure 5 shows the process of establishing a connection between the process model and the event log when the log is replayed and connects the processes and activities in the model to the events in the log. The process mainly involves three levels: process model level, case level, and event level.

In Figure 5, the event is connected to the task instance so that the data information in the log can be projected onto the process model. For the purpose of more accurately describing the log based on the event status adopted in this work and facilitating the analysis of the log, the following definitions are given:

Definition 1 (log based on event status).

Different from the traditional event log format, the log format used in this paper mainly has three attributes: CaseId, EventName, and EventStatus, wherein the CaseId indicates the Id number of the workflow case (represented by serial numbers 1, 2, 3,  ···), that is, the Id number of the trace sequence in a log; the EventName indicates the name of the event contained in the trace sequence; the EventStatus indicates the event status, including start (abbreviated as S) and complete (abbreviated as C), which indicate the start status and complete status of an event, respectively.

The traditional event log format treats a task as an atomic activity and does not involve the specific start and complete status of events. However, we consider event status as a major factor in log attributes.

Table 1. Detailed data of event log.

CaseId	Event		CaseId	Event		CaseId	Event		CaseId	Event
	Name	Status		Name	Status		Name	Status		Name	Status
1	T1	Start	1	T14	Start	2	T10	Complete	3	T6	Start
1	T1	Complete	1	T14	Complete	2	T12	Complete	3	T6	Complete
1	T2	Start	1	T15	Start	2	T13	Start	3	T11	Start
1	T2	Complete	1	T15	Complete	2	T13	Complete	3	T7	Start
1	T4	Start	2	T1	Start	2	T14	Start	3	T11	Complete
1	T4	Complete	2	T1	Complete	2	T14	Complete	3	T12	Start
1	T5	Start	2	T2	Start	2	T15	Start	3	T7	Complete
1	T5	Complete	2	T2	Complete	2	T15	Complete	3	T8	Start
1	T6	Start	2	T4	Start	3	T1	Start	3	T8	Complete
1	T6	Complete	2	T4	Complete	3	T1	Complete	3	T12	Complete
1	T11	Start	2	T5	Start	3	T2	Start	3	T13	Start
1	T7	Start	2	T5	Complete	3	T2	Complete	3	T13	Complete
1	T7	Complete	2	T6	Start	3	T3	Start	3	T14	Start
1	T8	Start	2	T6	Complete	3	T3	Complete	3	T14	Complete
1	T11	Complete	2	T11	Start	3	T2	Start	3	T15	Start
1	T12	Start	2	T9	Start	3	T2	Complete	3	T15	Complete
1	T8	Complete	2	T9	Complete	3	T4	Start	4	T1	Start
1	T12	Complete	2	T10	Start	3	T4	Complete	4	T1	Complete
1	T13	Start	2	T11	Complete	3	T5	Start	4	T2	Start
1	T13	Complete	2	T12	Start	3	T5	Complete	...	...	...

shows a complete log containing the event status S and C, which records the software testing workflow of RSA timing attack tasks in detail. The RSA encryption algorithm was proposed by Rivest, Shamir, and Adleman in 1977. The RSA timing attack tasks refer to using time-side channels to attack RSA keys. Then, the attacker collects the time information generated by the RSA algorithm when processing different ciphertexts and uses multivariate statistical analysis methods to crack the keys [18,19].

The event log in Table 1 includes four workflow cases, of which the trace sequence corresponding to case 1 is:

$$\begin{array}{l}{\sigma }_1=<(t_1,S),(t_1,C),(t_2,S),(t_2,C),(t_4,S),(t_4,C),(t_5,S),(t_5,C),(t_6,S),(t_6,C),(t_{11},S),(t_7,S),\\ (t_{11},C),(t_{12},S),(t_7,C),(t_8,S),(t_8,C),(t_{12},C),(t_{13},S),(t_{13},C),(t_{14},S),(t_{14},C),(t_{15},S),(t_{15},C)>\end{array}$$

where $(t_1,S)$ and $(t_1,C)$ represent the start event and complete event of task $t_1$ in an instance, respectively. On the one hand, for $\forall t_i\in \sigma$, $(t_i,S)$ and $(t_i,C)$ must appear in pairs, and $(t_i,S)$ can only appear before $(t_i,C)$. On the other hand, events such as $t_7$ and $t_{11}$ in case 1, $t_9$ and $t_{11}$ in case 2, and $t_8$ and $t_{12}$ in case 3 overlap when they are executed, respectively, indicating that there may be a parallel execution relation between these tasks in case 1, 2, and 3. Furthermore, each event (start event or complete event) in a trace only corresponds to the occurrence of the same task, and a task may appear in the log more than once due to the loop structure. To formally describe the relation between tasks in the log, the definitions of the two basic inter-task relations used to derive the ordering relations between tasks are given below.

Definition 2 (succession and intersection).

Let $T$ represent the set of tasks, $E=T\times \{Start,Complete\}$  represent the set of events on $T$  (including the start and complete events of all tasks), and $L\subseteq E^{*}$  (i.e., $L\in \mathcal{P}(E^{*})$; $\mathcal{P}(E^{*})$  is the powerset of $E^{*}$), which represent an event log. In log $L$, $a,b,c\in T$  represents three tasks:

(i) 

If, and only if, events $(a,S),(a,C),(b,S),(b,C)$  have occurred in a trace $\sigma \in E^{*}$  and satisfy $(a,C).timestamp<(b,S).timestamp$  (i.e., $a$  has been completed before $b$  starts), that is, if there is at least one trace in the log, and no complete task $c$  occurs between its two tasks $a$  and $b$, then $a$  is directly succeeded by $b$, which is represented by $a{>}_{L}b$.

(ii) 

If, and only if, events $(a,S),(a,C),(b,S),(b,C)$ have occurred in a trace $\sigma \in E^{*}$ and satisfy $(a,S).timestamp<(b,S).timestamp<(a,C).timestamp$ or $(b,S).timestamp<$ $(a,S).timestamp<(b,C).timestamp$, that is, if there is at least one trace in the log, and its two tasks $a$ and $b$ overlap and intersect, then $a$ intersects with $b$, which is represented by $a{\times }_{L}b$.

Figure 6 shows the situations of $a{>}_{L}b$ and $a{\times }_{L}b$. As can be seen from Figure 6, the two tasks with intersection relation are bound to be parallel. The difference is that the completion sequence is different; that is, $a{\times }_{L}b$ and $b{\times }_{L}a$ both believe that the execution process of tasks $a$ and $b$ is parallel, and the two situations of $a{\times }_{L}b$ indicate that the start sequence of the two tasks is different. Similarly, the two situations of $b{\times }_{L}a$ indicate that the start sequence of the two tasks is different. Meanwhile, on the premise that the log is complete, $a{\times }_{L}b$ and $b{\times }_{L}a$ are equivalent; that is, $a{\times }_{L}b\iff b{\times }_{L}a$. After establishing the basic relations such as ${>}_L$ and ${\times }_L$, this work extends the following three types of ordering relations between tasks to construct the model structures that conform to the log behaviors.

Definition 3 (log-based ordering relations).

Let $L\subseteq E^{*}$ be an event log based on $E=T\times \{Start,Complete\}$. For $\forall a,b\in T$:

(i) 

Causal relation: $a{\to }_{L}b$ iff $(a{>}_{L}b)\wedge \neg (b{>}_{L}a)\wedge \neg (a{\times }_{L}b)\wedge \neg (b{\times }_{L}a)$;

(ii) 

Indirect relation: $a{\#}_{L}b$ iff $\neg (a{>}_{L}b)\wedge \neg (b{>}_{L}a)$;

(iii) 

Parallel relation: $a|{|}_{L}b$ iff $(a{>}_{L}b)\wedge (b{>}_{L}a)\wedge (a{\times }_{L}b)\wedge (b{\times }_{L}a)$.

For any log $L$, if $a,b\in T$, then the task pair $(a,b)\in T\times T$ consisting of $a$ and $b$ must satisfy and only satisfy one of the following four relations: $a{\to }_{L}b$, $b{\to }_{L}a$, $a{\#}_{L}b$, and $a|{|}_{L}b$; i.e., these relations constitute the partition of the set $T\times T$. According to the above definitions, it can be concluded that parallel and indirect relations conform to exchangeability, while causal relation does not.

3.2.2. α^S Algorithm Based on Event Status

Process mining is a technique for extracting useful information from workflow logs and providing an interface between process models and event data [20], which is used by many data-driven organizations to improve performance or ensure compliance [21]. In the application of the α algorithm, the task in the log is considered an atomic activity, and the execution status of the task (the start status and complete status) is not considered, which is not conducive to the detection of the parallel relation between tasks. Therefore, the improved α^S algorithm based on the α algorithm in this paper regards the start and complete events of a task as two atomic activities and explicitly detects the parallel structures in the business process by recording the occurrence of overlapping tasks. In addition, the α^S algorithm overcomes the problem that the α algorithm cannot correctly handle the short loops (loop structure with step 1 or 2) and further improves the applicability of process mining technology in practical situations.

Next, let $L$ be an event log based on $E=T\times \{Start,Complete\}$. The steps of the α^S algorithm are as follows:

Step 1: $T_L=\{t\in T|{\exists }_{\sigma \in L}t\in \sigma \}$

Step 2: $T_I=\{t\in T|{\exists }_{\sigma \in L}t=first(\sigma )\}$

Step 3: $T_O=\{t\in T|{\exists }_{\sigma \in L}t=last(\sigma )\}$

Step 4:$\begin{array}{l}{X}_L=\{(P{S}_i,N{S}_i) \left|P{S}_i\subseteq T_L\right.\wedge N{S}_i\subseteq T_L\wedge {\forall }_{a\in P{S}_i}{\forall }_{b\in N{S}_i}a{\to }_{L}b\wedge {\forall }_{a_1,a_2\in P{S}_i}{a}_1{\#}_L{a}_2\wedge \\ {\forall }_{b_1,b_2\in N{S}_i}{b}_1{\#}_L{b}_2\}\end{array}$

Step 5: $Y_L=\{(P{S}_i,N{S}_i)\in X_L|{\forall }_{(P{S^{\prime }}_i,N{S^{\prime }}_i)\in X_L}P{S}_i\subseteq P{S^{\prime }}_i\wedge N{S}_i\subseteq N{S^{\prime }}_i\Rightarrow (P{S}_i,N{S}_i)=(P{S^{\prime }}_i,N{S^{\prime }}_i)\}$

Step 6: $P_L=\left\{p_{(P{S}_i,N{S}_i)}\right|(P{S}_i,N{S}_i)\in Y_L\}\cup \{i_L,o_L\}$

Step 7: $F_L=\{(a,p_{(P{S}_i,N{S}_i)})|(P{S}_i,N{S}_i)\in Y_L\wedge a\in P{S}_i\}\cup \{(p_{(P{S}_i,N{S}_i)},b)|(P{S}_i,N{S}_i)\in Y_L\wedge$$b\in N{S}_i\}\cup \{(i_L,t)|t\in T_I\}\cup \{(t,o_L)|t\in T_O\}$

Step 8: ${\alpha }^S(L)=(P_L,T_L,F_L)$.

Then, the triple $(P_L,T_L,F_L)$ is the process model constructed by the α^S algorithm based on log $L$. Step 1 is responsible for detecting all the tasks in the log, and these tasks should correspond to the transitions in the resulting Petri nets model. In steps 2 and 3, $T_I$ is the set of tasks that appears at the first position of a trace and $T_O$ is the set of tasks that appears at the last position of a trace. As the cores of this algorithm, step 4 and step 5 play significant roles in process mining. Step 4 tries to find the set $X_L$ formed by all task pairs $(P{S}_i,N{S}_i)$ under certain conditions, and there is a causal relation between each task in the set $P{S}_i$ and each task in the set $N{S}_i$; moreover, there are no parallel or causal relations between the tasks of $P{S}_i$ and $N{S}_i$; that is, there is an indirect relation, which is important for finding the short loop structures in log records. Step 5 removes all sets in $X_L$ that do not contain the largest elements to generate $Y_L$. In step 6, each task pair $(P{S}_i,N{S}_i)$ has a place $p_{(P{S}_i,N{S}_i)}$ corresponding to it, which is used to connect the transitions in $P{S}_i$ and $N{S}_i$; furthermore, a Petri nets model should also contain an initial place $i_L$ and a termination place $o_L$. Step 7 is responsible for generating the directed arc between the place and transition in the Petri nets model. All places $p_{(P{S}_i,N{S}_i)}$ take $P{S}_i$ as the input transition and $N{S}_i$ as the output transition and finally construct a complete Petri nets model ${\alpha }^S(L)=(P_L,T_L,F_L)$ in Step 8.

3.3. Business Process Decomposition

3.3.1. Principle of Process Decomposition

By using the process mining algorithm to detect and analyze the event log, the Petri nets model that can replay the log behaviors can be obtained. However, the complexity of business processes is further expanding, which, on the one hand, brings some challenges to the performance analysis of related processes; on the other hand, it may cause the state space of the Petri nets model to increase exponentially and then lead to a state space explosion. In order to alleviate the problem of the state space explosion, the strategy of “divide and conquer” can be adopted; that is, the net structure or state space of the model can be divided by employing process decomposition technology. Thus, the original model can be decomposed into several subnet models. This section mainly discusses the combination of process decomposition technology and process mining technology to decompose the process mining problem into multiple small-scale problems to reduce the difficulty of process discovery and improve the quality of the process model. Additionally, these small-scale problems are easy to analyze, and the decomposition results can be recombined to form the original problem.

3.3.2. Process Decomposition Algorithm Based on T-Invariant

On the basis of understanding and mastering the relevant theories of process mining, we present a process decomposition algorithm based on the T-invariant, which can effectively realize the separation of business processes. Let $L$ be an event log based on $E=T\times \{Start,Complete\}$, which was derived from the execution records of a WfMS. The WfMS was designed and implemented in terms of a well-structured and reasonable workflow net $PN=(P,T;F)$, where the workflow net refers to Definition 2.9 and Definition 4.2 specified in the literature [10]. Next, let $L=\{{\sigma }_1,{\sigma }_2,\dots ,{\sigma }_{CaseNum}\}$, where $CaseNum$ represents the number of workflow instances in $L$, and ${\sigma }_l(1\le l\le CaseNum)$ represents the trace of the $l^{th}$ workflow instance. From the preliminary analysis of the process decomposition algorithm, the extended workflow net $\overline{PN}=(\overline{P},\overline{T};\overline{F})$ is defined on the basis of the workflow net $PN=(P,T;F)$ as follows: (1) $\overline{P}=P$; (2) $\overline{T}=T\cup \left\{t^{*}\right\}$; (3) $\overline{F}=F\cup \{(o,t^{*}),(t^{*},i)\}$.

Then, the steps of the process decomposition algorithm based on the T-invariant are as follows:

Step 1: Description: The Petri nets model given by the business process acquisition link is decomposed into several subnet models.

Step 1.1: Add a new transition $t^{*}$ between initial place $i_L$ and a termination place $o_L$ to construct the extended workflow net $\overline{PN}$; i.e., $\cdot t^{*}=\left\{o_L\right\}$, $t^{*}\cdot =\left\{i_L\right\}$.

Step 1.2: Solve the output matrix $D_{m\times n}^{+}$, input matrix $D_{m\times n}^{-}$, and incidence matrix $D_{m\times n}$ of $\overline{PN}$, and $\left|P\right|=m,\left|T\right|=n$.

Step 1.3: Solve the homogeneous linear equation $D_{m\times n}\cdot X=0$ with constraint condition $X>0$ to obtain a group of minimal T-invariant solutions $X_1,X_2,\cdot \cdot \cdot ,X_k$ and their support set solutions $T{S}_1,T{S}_2,\cdot \cdot \cdot ,T{S}_k$. Let $\mathcal{T}\mathcal{S}$ be the T-invariant support set, which can be expressed as $\mathcal{T}\mathcal{S}=\mathcal{T}{\mathcal{S}}^{\prime }\cup \mathcal{T}{\mathcal{S}}^{″}=\{T{S}_1,T{S}_2,\cdot \cdot \cdot ,T{S}_k\}$; $\mathcal{T}{\mathcal{S}}^{\prime }$ is the T-invariant set containing transition $t^{*}$, and $\mathcal{T}{\mathcal{S}}^{″}$ is the T-invariant set without transition $t^{*}$.

Step 1.4: Construct the outface subnet $P{N}_i=(P_i,T_i;F_i)$ of $\overline{PN}$ for $\forall T{S}_i\in \mathcal{T}{\mathcal{S}}^{\prime }$, and let $\mathcal{T}{{\mathcal{S}}^{\prime }}_{PN}$ be the set of outface subnets; i.e., $\mathcal{T}{{\mathcal{S}}^{\prime }}_{PN}=\{P{N}_1,P{N}_2,\cdot \cdot \cdot ,P{N}_{\left|\mathcal{T}{\mathcal{S}}^{\prime }\right|}\}$.

Step 1.5: If $\mathcal{T}{\mathcal{S}}^{″}=\varnothing$, then skip to Step 1.7; otherwise, $\forall T{S}_j\in \mathcal{T}{\mathcal{S}}^{″}$, if $\exists P{N}_i\in \mathcal{T}{{\mathcal{S}}^{\prime }}_{PN}$ ($\exists T{S}_i\in \mathcal{T}{\mathcal{S}}^{\prime }$), then $T{S}_i\cap T{S}_j\ne \varnothing$, and $\exists p\in P{N}_i\wedge t\in T{S}_j$, such that $t\cdot =p$. Then, merge the outface subnet of $T{S}_j$ in $\overline{PN}$ with $P{N}_i$ to obtain a combined extended subnet $P{N}_i$. In addition, $\mathcal{T}{\mathcal{S}}^{″}=\mathcal{T}{\mathcal{S}}^{″}\backslash T{S}_j$.

Step 1.6: Repeat Step 1.5 until the element in $\mathcal{T}{\mathcal{S}}^{″}$ is empty ($\mathcal{T}{\mathcal{S}}^{″}=\varnothing$).

Step 1.7: Delete $t^{*}$ and its corresponding arcs $(o,t^{*})$ and $(t^{*},i)$ from each extended subnet $P{N}_i$, and the set $W{F}_{PN}=\{P{N}_1,P{N}_2,\cdot \cdot \cdot ,P{N}_{\left|\mathcal{T}{\mathcal{S}}^{\prime }\right|}\}$ of workflow subnets is constituted of these new $P{N}_i$.

Step 2: Description: Based on the results of the T-invariant support sets given in Step 1, the original log is decomposed into several sublogs.

Step 2.1: Convert the T-invariant support sets of $\mathcal{T}{\mathcal{S}}^{\prime }$ and $\mathcal{T}{\mathcal{S}}^{″}$ in Step 1.3 to the transition set, respectively.

Step 2.2: Initialize $SL=\mathcal{T}{\mathcal{S}}^{″}$ ($\mathcal{T}{\mathcal{S}}^{″}$ in Step 1.3), which represents the set of sublogs; initialize $L\_exception=\varnothing$, which represents the set of exception logs that cannot be replayed by the Petri nets model given in Step 1. The original log $L$ is decomposed in terms of the transition set of $\mathcal{T}{\mathcal{S}}^{\prime }$ in Step 1.3; i.e., $\forall T{S}_i\in \mathcal{T}{\mathcal{S}}^{\prime }$. If $\exists l,T{S}_i\backslash t*\subset {\sigma }_l,{\sigma }_l\in L$, then $SL=SL\cup \left\{{\sigma }_l\right\}$ and $L=L\backslash {\sigma }_l$; if $\forall l,T{S}_i\backslash t*\not\subset {\sigma }_l$, then $L\_exception=L\_exception\cup \left\{{\sigma }_l\right\}$ and $L=L\backslash {\sigma }_l$. Finally, the sublog set that constitutes the log $L$ is $L=\{S{L}_1,S{L}_2,\cdot \cdot \cdot ,S{L}_{\left|\mathcal{T}{\mathcal{S}}^{\prime }\right|}, L\_exception\}$.

Step 3: Description: Process mining technology is employed to process these sublogs separately, and the corresponding workflow subnet models are generated. Then, compare them with the subnet models obtained in Step 1 (if the comparison result is the same, retain them; otherwise, discard the subnet model). Therefore, the set of subnet models resulting from sublog mining is $W{F^{\prime }}_{PN}=\{P{N^{\prime }}_1,P{N^{\prime }}_2,\cdot \cdot \cdot ,P{N^{\prime }}_{\left|\mathcal{T}{\mathcal{S}}^{\prime }\right|}\}$.

In Steps 1.4 and 1.5, $\mathcal{T}{\mathcal{S}}^{\prime }$ and $\mathcal{T}{\mathcal{S}}^{″}$ represent the T-invariant set of the outer loop execution trace and the T-invariant set of the internal loop execution trace, respectively. These two steps are the cores of the decomposition algorithm. On the one hand, they are responsible for the construction and merging of the extended subnets, preventing the loss of the loop structures in the log and model and ensuring the independent relationship among the subprocesses; on the other hand, the construction and merging of subnets need to be completed in polynomial time. In the worst case, each transition needs to establish an association relationship with each place in the $\overline{PN}$; therefore, the time complexity is $O(mn)$ ($\left|P\right|=m,\left|T\right|=n$). Steps 1.2 and 1.3 solve homogeneous linear equations $DX=0$ under the constraint condition $X>0$, which also need to be completed in polynomial time; in the worst case, the time complexity is $O(m^n)$. The time complexity of steps 1.1, 1.6, 1.7, 2, and 3 is negligible compared to the above analysis. Therefore, the time complexity of the decomposition algorithm is $O(m^n)$.

3.4. Business Process Combination

3.4.1. Workflow Modeling Based on Time Petri Nets

With the increasing demands for automation in the field of BPM, business process modeling has gained more and more attention from the industry. Business process modeling covers process combination and process recombination, in which process combination refers to combining some process fragments into a complete process model according to specific modeling rules, while process recombination refers to the process of redesigning existing processes based on business requirements. After the process decomposition, the original workflow net model is divided into several workflow subnet models with independent execution traces. Then, on the basis of sorting out the global business process, these subnet models are combined to form a complete workflow model, which provides a good model condition for the next process recombination modeling. The workflow net model input in the process decomposition stage is the Petri nets model obtained by using process mining technology to discover logs automatically. The goal of process combination is to use some basic elements of Petri nets to implement combination modeling for the process fragments generated after decomposition. The process of recombination is based on the decomposed subnet model to create the initial elements of the recombination model, delete the old elements, add new elements, and then establish a more reasonable Petri nets model. Therefore, we can compare the differences between the two models before and after the recombination to determine the changes in business requirements. After the process of recombination is completed, the new model is verified to check its reachability status.

In the modeling process of combination and recombination, each transition is given a fixed delay time; thus, the workflow model is associated with a time parameter to build a time Petri nets model. On the basis of time Petri nets, we add a certain amount of weight values to the directed arcs in the Petri nets model and further propose a modeling method of weighted time Petri nets to improve the overall modeling ability of the workflow model.

The time delay parameter is introduced to a Petri net, and a weighted time Petri net is defined as a seven tuple, i.e., $TPN=(P,T;F,K,W,M_0,D)$. Among them, $D\to \{0,1,2,\cdots \}$ is the delay time set for transition, and $W\in F\to TPN$ is the weight function on $TPN$. If $(p,t)\in F$, then $W(p,t)$ is called the weight on $(p,t)$. For $\forall p\in \cdot t$ and $\exists t\in T$, if $M(p)\ge 1$, it means $t$ can be triggered under marking $M$ to obtain a new marking $M^{\prime }$. According to the workflow net model and subnet model obtained from process acquisition and process decomposition, the weighted time Petri nets are adopted to implement the combination and recombination of a business process, which not only improves the modeling and analysis capabilities of basic Petri nets but also can simulate the dynamic changes in business processes with the help of the movement of the token in the places and the continuous running time of the transitions. The workflow modeling based on weighted time Petri nets provides an exploration method for the simulation of process models, which can better meet the actual requirements of business processes.

3.4.2. Improved Coverage Tree Algorithm

A rational Petri nets model can ensure the accuracy and reliability of the business process, but to verify whether a Petri nets model meets the rationality, it is necessary to analyze all possible state transitions of the entire model. Hence, we can use the coverage tree to describe the marking transformation process of a Petri nets model. In the coverage tree, the node represents the new marking generated by $M_0$ and its subsequent marking, and the directed arc represents a process in which a transition is triggered (i.e., one marking is transformed into another). However, when $PN$ is unbounded, the state space of the coverage tree tends to infinity. Therefore, in order to keep the finiteness of the coverage tree, an infinite component $\omega$ is introduced to express the meaning of infinite. For any positive integer $n$, there are $\omega >n$, $\omega \pm n=\omega$, and $\omega \ge \omega$.

Definition 4 (marking coverage).

(i) 

$M_1\le M_2\iff {\forall }_i{M}_1(p_i)\le M_2(p_i)$.

(ii) 

$M_1<M_2\iff M_1\le M_2\wedge {\exists }_i{M}_1(p_i)<M_2(p_i)$,

where $M:P\to \{0,1,2,\cdot \cdot \cdot \}$ represents marking and $P=\{p_1,p_2,\cdot \cdot \cdot ,p_m\}$. Then, the marking $M$  can be written as a row vector; that is, $M=(M(p_1),M(p_2),\cdot \cdot \cdot ,M(p_m))$. In definition 4, if each component $M_1(p_i)$  of marking $M_1$ satisfies the condition that it is less than or equal to the corresponding component $M_2(p_i)$ of $M_2$, then $M_1$ is covered by $M_2$; if $M_1$ is covered by $M_2$, and $M_1(p_i)$ is less than $M_2(p_i)$, then $M_1$ is less than $M_2$.

The traditional coverage tree algorithm has obvious shortcomings in analyzing the marking transformation process of Petri nets, which are specifically reflected as follows:

(i) The true leaf nodes are divided into live nodes and dead nodes. The corresponding transitions of live nodes can occur repeatedly, while dead nodes will not trigger any other transitions. However, these two types of nodes cannot be explicitly distinguished in a coverage tree.

(ii) A node may have two child nodes, and the transitions corresponding to these two child nodes may have concurrent or selective execution (i.e., conflict), which is also not effectively distinguishable in a coverage tree. Aiming at the above problems of the traditional coverage tree algorithm, this work proposes an improved coverage tree algorithm to construct an optimized and reasonable coverage tree model.

Next, $CT(PN)$ is used to represent a coverage tree to be constructed, and $PN$ is used to represent a known Petri nets system. In a coverage tree $CT(PN)$, the node represents the marking name, $M_x$ represents the marking of node $x$, and the directed arc between the parent node and the child node represents a process in which a transition is triggered.

Then, the steps of the improved coverage tree algorithm are as follows:

Step 1: Take the initial marking $M_0$ as the root node of $CT(PN)$; i.e., the initial value of $CT(PN)$ is $M_{root}=M_0$.

Step 2: Judge whether $M_0$ of $CT(PN)$ exists. If not, the algorithm ends; if yes, perform the following:

Step 3: If there are several enabled transitions at $M_0$, choose one to trigger, mark the obtained leaf node $x$ as a new marking $M_x$, and judge whether $x$ is a true leaf node.

Step 3.1: If there is no enabled transition at $M_x$, then $x$ is the terminal node (also called the true leaf node).

Step 3.2: If node $y$ exists on the directed path from $root$ to $x$, making $M_y=M_x$, then $y$ and $x$ are duplicate true leaf nodes, i.e., duplicate nodes.

Step 3.3: When all the leaf nodes in $CT(PN)$ meet the requirements of true leaf nodes, the algorithm ends; otherwise, go to Step 4.

Step 4: At the marking $M_x$ of a non-true leaf node $x$, there is an enable transition $t$, and a new marking $M_z$ can be obtained after it is triggered, i.e., $(PN,M_x)[t>M_z$. Then, add the new node $z$ to $CT(PN)$, establish a directed arc from $x$ to $z$, and mark the arc as $t$.

Step 5: If there exists a node $c$ on the directed path from $x$ to $z$, making $M_c(p_i)\le M_z(p_i)\wedge M_c\ne M_z$, then $M_c$ can be covered. Then, when $M_c(p_i)<M_z(p_i)$, replace $M_z(p_i)$ with $\omega$ (i.e., $M_z(p_i)=\omega$).

Step 6: Return to Step 3.

The algorithm is terminated after executing the finite steps, which indicates that it has certain rationality and validity. The tree model constructed by a coverage tree algorithm is not unique because any one can be selected when there are multiple non-true leaf nodes. Moreover, there may be multiple transitions triggered at $M_x$, and the order of selection can be arbitrary.

3.4.3. Place Difference Verification Algorithm

A WfMS can easily change the business processes without a complete redesign of the system. However, it is not easy to directly observe the changes in the business activities in the recombined process model compared with the original process model. Therefore, it is necessary to compare these two models and determine their place differences, which will help users understand the requirement changes of the business process after the recombination in a timely manner.

Suppose that there are two Petri nets systems $PN=(P,T;F,K,W,M_0)$ and $P{N}^{\prime }=(P^{\prime },T^{\prime };F^{\prime },K^{\prime },W^{\prime },{M^{\prime }}_0)$, both of which satisfy reachability. Among them, $\left|P\right|=m(m\ge 1),\left|P^{\prime }\right|=n(n\ge 1)$, and the marking of $PN$ and $P{N}^{\prime }$ is, respectively, identified as $M_i=(M_i(p_1),M_i(p_2),\cdot \cdot \cdot ,M_i(p_m))(i>0)$ and ${M^{\prime }}_i=({M^{\prime }}_i(p_1),{M^{\prime }}_i(p_2),\cdot \cdot \cdot ,{M^{\prime }}_i(p_n))(i>0)$. In addition, $PN$ represents the original process model, and $P{N}^{\prime }$ represents the new process model.

Then, the steps of the place difference verification algorithm are as follows:

Step 1: Since $p_1$ and ${p^{\prime }}_1$ are the initial places of $PN$ and $P{N}^{\prime }$, respectively (that is, they represent the initial state of the Petri nets), they are marked as unchanged place elements.

Step 2: If the coverage trees of $PN$ and $P{N}^{\prime }$ exist in the same path formed by the reachable marking sequence, then judge whether the number of places in the two Petri net systems is the same.

Step 2.1: When $PN$ and $P{N}^{\prime }$ have the same number of places, perform the following operations; otherwise, go to Step 2.2.

Step 2.1.1: If there exists component $M_i(p_j)={M^{\prime }}_i(p_j)\ge 1$ in the marking $M_i$ and ${M^{\prime }}_i$, then $p_j$ is the place element that remains unchanged in $PN$ and $P{N}^{\prime }$.

Step 2.1.2: If there exists component $M_i(p_j)\ge 1,{M^{\prime }}_i(p_j)=0$ in the marking $M_i$ and ${M^{\prime }}_i$, then $p_j$ is the deleted place element in $P{N}^{\prime }$; if there exists component $M_i(p_j)=0,{M^{\prime }}_i(p_j)\ge 1$ in the marking $M_i$ and ${M^{\prime }}_i$, then $p_j$ is the added place element in $P{N}^{\prime }$.

Step 2.2: When $PN$ and $P{N}^{\prime }$ have a different number of places, perform the following operations:

Step 2.2.1: If the number of components of $M_i$ is greater than the number of components of ${M^{\prime }}_i$, and one or more component values in $M_i$ are not less than 1, then the place corresponding to these component values is the deleted element in $P{N}^{\prime }$.

Step 2.2.2: If the number of components of $M_i$ is less than the number of components of ${M^{\prime }}_i$, and one or more component values in ${M^{\prime }}_i$ are not less than 1, then the place corresponding to these component values is the added element in $P{N}^{\prime }$.

Step 3: If the coverage trees of $PN$ and $P{N}^{\prime }$ do not have the same reachable marking path, then all elements in $PN$ except $p_1$ are the deleted place elements of $P{N}^{\prime }$, and all elements in $P{N}^{\prime }$ except ${p^{\prime }}_1$ are the added place elements of $PN$.

In Step 2, it should be noted that (1) if a place element has been judged in the previous path, then this place element can be skipped in the subsequent path and will not be considered; (2) when the marking node in the coverage tree is a duplicate node, then it does not need to be judged again.

3.5. Business Process Verification

The reachability judgment of Petri nets is a key step in analyzing the properties of Petri nets, and its judgment results provide theoretical support for the reliability analysis of Petri nets systems or business processes. In this paper, we combine the coverage tree model composed of different markings to traverse the path formed by the marking sequence so as to complete the reachability analysis of the Petri nets model. Let $PN$ be a Petri nets system, where $P=\{p_1,p_2,\cdot \cdot \cdot ,p_m\}(m\ge 1)$, the initial marking is $M_0=(M_0(p_1),M_0(p_2),\cdot \cdot \cdot ,M_0(p_m))$, and $M_i=(M_i(p_1),M_i(p_2),\cdot \cdot \cdot ,M_i(p_m))(i>0)$. In addition, the initial value of the accessibility count of the place is 0; that is, $count=0$.

Then, the steps of the reachability analysis algorithm are as follows:

Step 1: According to the coverage tree model constructed by the improved coverage tree algorithm, we traverse the paths consisting of reachable marking sequences to determine whether each component $M_i(p_j)$ of each marking $M_i$ has a component with a value not less than 1. If $M_i(p_j)\ge 1$, it means that there is at least one token in the place $p_j$, which meets the accessibility requirements of the place.

Step 2: If there is a component with the value not less than 1 in each component $M_i(p_j)$ of the marking $M_i$, $count$ will add 1 and return to Step 1 to continue; if not, go to Step 4.

Step 3: When $count=m$, go to Step 5.

Step 4: Stop traversing the path formed by the current reachable marking sequence and determine $PN$ as unreachable.

Step 5: The path formed by the current reachable marking sequence has been traversed and completed and $PN$ is determined to be reachable.

It can be seen from the above steps that if all the marking nodes on the path of the coverage tree model are normally accessed and traversed, i.e., all the transitions have been triggered and all the places have been traversed, then it is determined that $PN$ meets the accessibility, indicating that the Petri nets model is correct, and there is no deadlock problem. Using the reachability property of Petri nets to verify the workflow can avoid the abnormal behavior of the workflow model during execution and ensure the normal operation of the business process.

4. Software Testing Workflow Management Oriented to SRGM

4.1. Instantiation Analysis of Process Acquisition

Process mining technology can use historical event logs recorded from information systems to describe and model real processes [22]. Through importing and analyzing the event log, we can determine the dependencies between all tasks in the log and establish a sequence relation matrix to store these relations. The parallel relation between tasks is used to analyze the possible locations where event tasks appear and add them to the process to further improve the model. Then, the process model of Petri nets is established by adopting the process mining algorithm. Among them, we extract the dependencies of all tasks in the sequence relation matrix and use the α algorithm to mine the business processes.

Each item of an event log consists of a case number (A, B...), task number (T1, T2, T3...), and the execution status of the task (start or complete). Conformance checking is the process mining task in BPM, which aims to cope with the mining result by comparing the model against the corresponding log [23]. The Petri nets acquisition component is used to realize the process mining on event logs and visualize the mining results. The graphical user interface (GUI) of this component is shown in Figure 7.

It can be seen that each process trajectory in the result model fully conforms to the event path trajectory recorded in the log. By comparing with the path information in the log, it is found that the mining process model is correct, which verifies the correctness of the mining algorithm.

4.2. Instantiation Analysis of Process Decomposition

Process decomposition reduces the scale of the process by decomposing a complete business process into a set of independently executable subprocesses, thereby simplifying the difficulty of process analysis and modeling and improving the quality of BPM. The process decomposition method based on Petri nets realizes the integration of log decomposition and model decomposition. In addition, we solve the problem of the internal loop structure by constructing transition sets of subprocesses and ensuring the relative independence between subprocesses.

Through such intermediate steps as incidence matrix generation, T-invariant solution, T-invariant support solution, and construction for transition sets of subprocesses, the sublogs and subnets representing the subprocesses are generated, thus realizing the correct decomposition of the event log and process model. Table 1 shows the event log corresponding to the software testing process of software with RSA timing attack tasks, which records different test activities and the sequential execution relationship between these activities. The Petri nets decomposition component mainly consists of the functions for process mining and process decomposition, and the process mining algorithm adopted is the α algorithm. The GUI of the Petri nets decomposition component is shown in Figure 8.

4.3. Instantiation Analysis of Process Combination and Verification

On the basis of establishing the process model for BPM, we adopt the property analysis algorithms for Petri nets such as coverage graph and incidence matrix to examine whether the process model meets the business requirements. First of all, we need to establish the process model and the recombined process model after analyzing the whole business process. Then, the properties of the two models are analyzed by creating the coverage graph and incidence matrix. Finally, we can verify the reachability of the two models and compare the differences between the models’ places to determine the change in requirements. The GUI of the Petri nets combination and verification components is shown in Figure 9.

During the simulation operation of the Petri nets model, each transition is given the corresponding execution time and the specified run rate. In Figure 9, the transitions marked in yellow are the simulation execution of transitions with the given delay value.

4.4. Modeling and Analysis for BPMN

The BPMN transforms a business process into a visual graph by using simple graphical notations, which simplifies business process modeling and visualizes complex modeling processes [24,25]. The standard BPMN models can be used to define process behavior because they contain decision logic in their control flow structure [26]. The WfMS based on the jBPM (java business process management) workflow engine aims at the typical phenomenon that it has a clear demand analysis process, that is, the modeling process of BPM; hence, we modeled the real processes according to the BPMN elements. After each iteration of the BPMN model is completed, the modeling subsystem saves it. At this time, the log subsystem records the log information of the BPMN models of the iteration process in the database, which is convenient for analysts to mine the logs and extract the reasonable Petri nets model. During the modeling process, the BPMN model is stored in the format of JSON data, but the JSON data cannot be processed in the jBPM-based workflow engine; it needs to be converted into an XML file, which can be recognized by the jBPM workflow platform. Furthermore, it is conducive to the deployment and execution of the business process model. Based on the log information generated by multiple BPMN model iterations, we count the frequency of related activities in the iterative version from a probability distribution, which provides a good parameter configuration suggestion for software testers engaged in SRGM analysis based on the BPMN model. Then, oriented to SRGM of the next subsection [27], we can map the ADCV method of Figure 3 into Figure 10 in compliance with the International Standard on test monitoring and control (TMC) processes [28], which means the dynamic test processes, software testing processes, and software testing management processes, all implemented in Ref. [27].

According to the TMC processes in Figure 10, the tasks recorded in the logs are basic features of the business process model, and the ordering relations between tasks can be used to describe the behaviors of the process model [29]. In BPM, process mining is a process management technology based on the event log analysis of business processes. The knowledge information in the log can be extracted by the process mining algorithm and presented as a process model. Thus, process mining provides the ability to check the conformance between process models and event logs and enhance the discovered processes [30,31].

4.5. SRGM Modeling of Software Testing Workflow

In this paper, we adopted Petri nets to model the software testing workflow of RSA timing attack tasks, which can give developers, testers, reliability analysts, and process supervisors a more intuitive understanding of the specific testing process. The software testing standardization process [27] establishes the standard execution criteria between process design and process implementation, which are mainly used to achieve the standardized management of software testing processes. During the process of fault detection and repair, we can provide developers and users with information about software reliability by establishing the SRGM of the tested software to improve the quality of software products [32,33,34]. Since SRGM has established a mathematical correlation model between fault data and reliability, it is possible to calculate the metrics related to software quality, such as the total number of faults, failure efficiency, and reliability, by using SRGM and combining fault data information (such as fault number, fault type, and fault interval time) [35,36,37,38]. With the purpose of accurately predicting software reliability, it is particularly important to apply an SRGM that can describe the observed failure data well and make accurate predictions in the future [39,40]. The performance measurement of SRGM is mainly implemented from two aspects, namely, fitting historical failure information and predicting future failure information. The modeling and evaluation process of SRGM is shown in Figure 11.

Applying Petri nets to the field of software testing process management can effectively formalize and analyze the testing process, thus improving the automation of software testing workflow. In the actual software testing process, testers in different roles need to follow the BPMN specification and perform the testing work according to the specified testing steps. Then, we adopt Petri nets to establish the corresponding workflow model for the standardized software testing process of BPMN and apply the Petri nets analysis tool mentioned in Section 3 to analyze the BPM of the software testing based on the ADCV method. Through formal Petri nets modeling, we analyze the key factors affecting the SRGM of the tested software in the software testing process.

Due to the complexity, randomness, and uncertainty of software testing and fault detection, the detected faults may not be successfully eliminated in the repair process, resulting in imperfect debugging. In addition, the internal structure of the system may be damaged in the debugging process, which may lead to the introduction of new faults. The imperfect debugging and introduction of new faults may cause the test to continue to perform the testing work in violation of the software testing principles without solving the original and new faults, resulting in the inaccurate calculation of the SRGM parameters.

Based on the ADCV modeling method, this paper analyzes the requirements of software testing workflow and establishes the corresponding workflow model. The proposed tool and method are applied to the instance of the software testing process to improve unreasonable testing links and optimize the following decision processes:

(i) Obtain the fault sample data by running or testing the tested software.

(ii) The fault sample data are input into multiple selected SRGMs, and the relevant parameters of the probability distribution model corresponding to the SRGM are estimated by statistical analysis.

(iii) The assessment between SRGMs is completed by comparing the differences and similarities between the future software failure behaviors of multiple selected SRGMs and the failure behaviors in the actual testing process.

5. Experimental Analysis

5.1. Application of Tool

We applied the Petri nets analysis tool developed in Section 4 to the software testing process of the RSA timing attack tasks. The test team performed the testing work on the workflow management system supporting the software testing process according to the software requirements specification, fed back the results for each stage test in real time, and recorded the corresponding failure interval time. During the testing process, the faults detected were classified into inherent faults and human faults, and we needed to provide the corresponding test reports and repair the faults detected in the software. With regard to different test data, we can select a more appropriate SRGM to predict the failure time in the future and then analyze the reliability degree of the system. During the process of workflow debugging (faults detection and repair), it is important to determine the key factors that affect the normal execution of the process through the application of stochastic Petri nets analysis tools to supervise the debugging process and improve the decision-making process of software testing, which is helpful for testers to perform reliability growth analysis.

The logs from the WFMS truly recorded the software testing workflow of the RSA timing attack tasks, and the Petri nets acquisition component established a structured process model by mining the log information. The original model was analyzed by the Petri nets decomposition component to generate sublogs and subnets. According to the decomposed subprocesses, the Petri nets combination component recombined the unreasonable processes of the original model and verified the differences in the testing processes between the models before and after the recombination. We followed the ADCV method to solve the problem of the BPM modeling of the software testing platform WFMS, which was beneficial to establishing a more accurate SRGM for the tested software and improving its reliability measurement results. The testing workflow for the RSA timing attack tasks is shown in Figure 12.

During the process of testing execution, when the current execution violated the principle of the testing process shown in Figure 12, the Petri nets analysis tool immediately determined the wrong process execution and suspended the token transfer to the next transition. After the process was corrected to the normal state, the token continued to be transferred to the next transition. Through the supervision of the testing process execution, we corrected the wrong execution status and improved the credibility of SRGM’s parameters. The incidence matrix and coverage graph were used to verify the legality of the process attributes in accordance with the requirements, and the results were output in the interface. Through the reachability judgment and verification of the places’ differences between the Petri nets model and the original model of business process recombination, we judged the change in requirements to verify the correctness of the tool and improve development efficiency.

5.2. Evaluation and Analysis of Tool

The workflow log information in Table 1 was generated from the second round of tests of the software related to the RSA timing attack tasks (that is, the RSA timing attack program based on the Linux platform). Eight faults were detected in the test, and the total testing time was 44.1 h. We applied the Petri nets analysis tool developed above to the second round of tests, then modeled and analyzed the software testing workflow according to the ADCV method, and finally submitted an optimized software testing workflow recombination model to the test team. Further, the test team carried out the testing work according to the recombined workflow in the next round of testing. Thirteen faults were detected in this test, and the testing time was 170.5 h (note: the third round of the test was consistent with the software requirements specification in the second round of the test). The G-O NHPP model, as a classical SRGM, has a good effect on reliability prediction and analysis. In this work, the MSE, SAE, variation, RMSPE, and R² were adopted as assessment indexes to evaluate the prediction ability of the G-O NHPP model on the fault datasets DS2 and DS3. The assessment results are shown in

Table 2. Performance indexes of business processes.

Fault Datasets/ Assessment Indexes	MSE	SAE	Variation	RMSPE	R2
DS2	0.53174	4.95724	0.60524	0.75995	0.89872
DS3	0.51658	7.74876	0.48669	0.73130	0.96310

.

If the value of the MSE, SAE, variation, or RMSPE is smaller, the predictive power of the model is stronger; if the value of R² is closer to 1, the predictive power of the model is stronger. As shown in Table 2, the values of the MSE, variation, RMSPE, and R² of the G-O NHPP model on DS3 were better than the corresponding index values on DS2; hence, the fitting power of the G-O NHPP model on DS3 was better than that on DS2, which indirectly indicated that the parameter estimation of the G-O NHPP model based on DS3 was more accurate. It can be seen that the software testing workflow recombination model provided by the ADCV method after the end of the second round of the test had certain validity, showing good results in SRGM parameter estimation and reliability prediction.

6. Conclusions

The automation and digitalization of business processes have enabled information systems to capture a large amount of log data, which can help enterprises or organizations better understand the workflow, improve the workflow, and provide operational support. By monitoring and managing business processes, we can identify process bottlenecks, recombine processes, and create the status space of process instances to explore their quality attributes. This work achieved some good results for the research into the ADCV modeling method, but there are still many things worth studying from the perspective of the practical application of software testing workflow. The Petri nets analysis tool completes the function of automatic requirement analysis for the trusted workflow management system and aims to establish a workflow model according to the methods of process acquisition, decomposition, combination, and verification, and continuously carries out the iterative cycle of BPM based on users’ requirements until the new model is accepted by process design users. In the software testing process, we apply the tool to complete the supervision of the testing process and testing data to improve the decision-making process of debugging and the quality of reliability analysis.

The ADCV method covers relevant algorithms and technologies such as process mining, process decomposition, process recombination, and process verification, but it does not involve the analysis of the process automation combination algorithm. This aspect will be further discussed in the follow-up research. In addition, it will also enrich and expand the methods in the process verification link to enhance the ability of process analysis. When applying the ADCV method to the software testing workflow, the SRGM modeling was not deeply combined with the Petri nets theory. In future work, we will continue to optimize the ADCV method to find the adverse factors that affect the SRGM parameter estimation in the software testing process and propose corresponding improvement countermeasures. Reference [41] uses the object-centered event log to predict the ongoing process in the most advanced prediction model. Its proposed model uses the rich data contained in the OCEL (object-centric event log) to enhance the latest progress of the prediction methods, which provides a new research idea for the research on the ADCV method and also provides a reference for the prediction of business process failure behavior.

Overall, this paper has conducted a preliminary investigation into the modeling problem of BPM in two ways: one is the fundamental modeling method of the original BPM based on an iterative pattern, and the other is the advanced modeling technology of the software testing workflow based on Petri Net. In the future, the combination algorithm should be optimized, as its massive combinatorial space with high dimensions has posed a strong challenge for the implementation of the ADCV method; at the same time, the enterprise software testing processes should be applied in the tool to improve its practicality on SRGM.