In BPMN leaks-when analysis the input is a BPMN model with annotations in pseudocode to write out how different components are related.

The BPMN leaks-when analysis uses the SQL privacy editor as an interface although its input language is not SQL. All tasks that transform the data are annotated to show which components of the inputs are used to compute which outputs and to give names to the computations.

BPMN leaks-when analysis is accessible from the SQL privacy editor and can be activated by clicking the respective button.

The analysis output is a table that summarizes which components of the inputs flow to the outputs. The cells in the table summarize the conditions and filters that the data passes. For data that always flows to the output there were no restrictive filters in the flow. The cell value never means that this output is not affected by that input. Finally, the if condition indicates that the flow is conditional and the passed filters can be seen when hovering over the cell.

The source code of the analysis tool is available at pleak-leaks-when-analysis repository. The user interface of the analysis tool is accessible through pleak-sql-editor.

Association lists are a GADT “(keytype * valuetype) assoclist” with the following six operations:

nil : (keytype * valuetype) assoclist add_data_to_store : keytype → valuetype → (keytype * valuetype) assoclist → (keytype * valuetype) assoclist update : keytype → valuetype → (keytype * valuetype) assoclist → (keytype * valuetype) assoclist find : keytype → (keytype * valuetype) assoclist → valuetype endsWith : keytype → (keytype * valuetype) assoclist → bool /* note that this probably used in the opposite direction in the model */ contains : keytype → (keytype * valuetype) assoclist → bool

They satisfy the following equalities:

endsWith(, nil) = false contains(, nil) = false endsWith(K, add(K', , L)) = (K == K') endsWith(K, update(, _, L)) = endsWith(K, L) contains(K, add(K', , L)) = (K == K') || contains(K, L) contains(K, update(, , L)) = contains(K, L) find(, nil) = bottom find(K, add(K', V, L)) = if K == K' then V else find(K, L) find(K, update(K', V, L)) = if contains(K, L) then (if K = K' then V else find(K, L)) else bottom