Post on 04-Oct-2020
State Machines
Behaviors and Equivalence
Derived from original set by L. Palopoli @ Uni Trento
Marco Di Natalemarco@sssup.it
State Machines: Behaviors
A behavior of a state machine is a pair (x, y) where x is an input sequence and y is a corresponding output sequence:
Behaviors = {(x, y)∈[Naturals0->Inputs]×[Naturals0->Outputs] | y is a possible output sequence for the input x}
Deterministic behaviours
Deterministic SM:
for every input signal, there is exactly one output
signal.
DetSys : [ Nats → Inputs ] → [ Nats → Outputs ]
Behaviors are Functions:
Nondeterministic behaviours
Nondeterministic Reactive System:
for every input signal, there is one or more output signals.
NondetSys ⊆ [ Nats → Inputs ] × [ Nats → Outputs ]
such that ∀ x ∈ [ Nats → Inputs ],
∃ y ∈ [ Nats → Outputs ], (x,y) ∈ NondetSys
Behaviours are binary relations:
Every pair (x,y) ∈ NondetSys is called a behavior.
Comparing Behaviors
The behaviors of two automata can be put in a relationship
of Refinement (conversely, Abstraction)
The definition of “abstraction” has slightly different meanings
(see OO modeling and design or layered architectures).
Here it refers to formal relationships among behaviors.
System S1 refines system S2
iff
1. Time [S1] = Time [S2] ,
2. Inputs [S1] = Inputs [S2] ,
3. Outputs [S1] = Outputs [S2] ,
4. Behaviors [S1] ⊆ Behaviors [S2] .
S1 is a more detailed description of S2;
S2 is an abstraction or property of S1.
Refinement
Equivalence
Systems S1 and S2 are equivalent
iff
1. Time [S1] = Time [S2] ,
2. Inputs [S1] = Inputs [S2] ,
3. Outputs [S1] = Outputs [S2] ,
4. Behaviors [S1] = Behaviors [S2] .
Same as two-way abstraction/refinement
An example
0
1 2
3
45
0/3
1/4
2/5{1}/1
{1}/1
{1}/0
{1}/1
{1}/1{1}/0
{1}/1
{1}/0
{1}/1A abstracts B
B abstracts A
0 1to5
{1}/1
{1}/1
{1}/0
C abstracts A
C abstracts B
Comparing Behaviors
Ok, this is intuitive, but how can you formally prove
refinement/abstraction ?
…and why is this important? (follows…)
It turns out that formally proving refinement abstraction in the
most general case (nondeterministic FSM) is not easy
Another relation between automata that is related to their
behavior is the possibility of establishing a simulation of
bisimulation relation
Simulation (bisimulation) can be proved by construction, but
in general does not imply refinement (more difficult to prove)
Simulation: a matching game ….
0
1 2
3
45
{1}/1
{1}/1
{1}/0
{1}/1
{1}/1{1}/0
0 1to5
{1}/1
{1}/1
{1}/0
C abstracts A
Is C simulating A?
Start with both machines in the initial state
A matching game ….
0
1 2
3
45
{1}/1
{1}/1
{1}/0
{1}/1
{1}/1{1}/0
0 1to5
{1}/1
{1}/1
{1}/0
Pick any possible reaction of the first machine, the second machine must react to the same input symbol with the same output
A matching game ….
0
1 2
3
45
{1}/1
{1}/1
{1}/0
{1}/1
{1}/1{1}/0
0 1to5
{1}/1
{1}/1
{1}/0
… and so on from the new state in A and B.
If B can always match the {input, output} pair of A “wins” (it is an abstraction)
A matching game ….
0
1 2
3
45
{1}/1
{1}/1
{1}/0
{1}/1
{1}/1{1}/0
0 1to5
{1}/1
{1}/1
{1}/0
The set of state pairs that are matched by this game are called a “simulation relation”
s0
= (0,0) ∈ statesA
× statesC
s1
= (1,1to5) ∈ statesA
× statesC
Simulation: definition
A binary relation S ⊆ States [M1] × States [M2] is a simulation of
M1 by M2 iff
1. ∀ p ∈ possibleInitialStates [M1] ,
∃ q ∈ possibleInitialStates [M2], (p, q) ∈ S and
2. if (p, q) ∈ S, with p ∈ States [M1] and q ∈ States [M2]
then ∀ x ∈ Inputs and ∀ (p’, y) ∈ possibleUpdates [M1] (p, x)
there ∃ q’ ∈ States [M2] such that
(q’, y) ∈ possibleUpdates [M2] (q, x) and (p’, q’) ∈ S .
Sufficient condition for refinement
Theorem :
The nondeterministic state machine M1 refines the nondeterministic state machine M2
if
there exists a simulation of M1 by M2 .
condition on behaviors
relation between states
simulation → abstraction
Sufficient but not necessary
Theorem :
The nondeterministic state machines M1 refines the nondeterministic state machine M2
if
there exists a simulation of M1 by M2 .
Not “if-and-only-if” ! Not symmetric !
(We say that “M2 simulates M1”.)
simulation ↔ abstraction
¬simulation → ¬ abstraction
Intuition
• The theorem simply states that M2 can match every
move of M1 producing the same output
• Moreover, if M2 cannot produce an output sequence, neither can M1, as stated below:
Corollary:
Let M2 simulate M1. If (x,y)∉BehavioursM2
then
(x,y)∉ BehavioursM1
.
Example
Channel that drops every third zero
Nats0
→ Bins
Nats0
→ Bins
0 1 1 0 0 0 1 1 … 0 1 1 0 0 ⊥ 1 1 …ThirdZero
Example - (continued)
State between time t-1 and t:
3 third zero from now will be dropped
2 second zero from now will be dropped
1 next zero will be dropped
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
Example - (continued)
ThirdZero refines NotTwice
a b0 / 01 / 1
0 / 0
1 / ⊥0 / ⊥
1 / 1
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
Example - (continued)
ThirdZero is simulated by NotTwice
a b0 / 01 / 1
0 / 0
1 / ⊥0 / ⊥
1 / 1
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
Simulation
S = { (3,b),
Example - (continued)
ThirdZero is simulated by NotTwice
a b 0 / 01 / 1
0 / 0
1 / ⊥0 / ⊥
1 / 1
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
Simulation
S = {
(3,b),
(2,b),
a b 0 / 01 / 1
0 / 0
1 / ⊥0 / ⊥
1 / 1
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
Simulation
S = { (3,b),
(2,b),
(1,b),
Example - (continued)
ThirdZero is simulated by NotTwice
a b 0 / 01 / 1
0 / 0
1 / ⊥0 / ⊥
1 / 1
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
Simulation
S = { (3,b),
(2,b),
(1,b),
(3,a) }
Example - (continued)
ThirdZero is simulated by NotTwice
a b 0 / 01 / 1
0 / 0
1 / ⊥0 / ⊥
1 / 1
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
Example - (continued)
ThirdZero is not simulated by NotTwice
Example - (continued)
NotTwice is not simulated by ThirdZero
a b 0 / 01 / 1
0 / 0
1 / ⊥0 / ⊥
1 / 1
1 32
0 / ⊥
0 / 00 / 0
1 / 1 1 / 11 / 1
X 0 / ⊥
Remark
• If M2 satisfies a property, so does M1
• For instance, insofar as the property not-twice, is of interest, we can prove it on NotTwice and it also applies to ThirdZero
Remark 1
If M2 is a deterministic state machine, then
M1 is simulated by M2
iff
M1 is equivalent to M2.
Remark 2
If M2 is a nondeterministic state machine, then
M1 is simulated by M2
implies
M1 refines M2,
but M2 may not refine M1.
( Recall M1 = ThirdZero and M2 = NotTwice .)
Refinement but not simulation
a b
c
d
{1}/1
{1}/1
{1}/0
a
h
c
d{1}/1
{1}/1
{1}/0
f{1}/1
• Does the second simulate the first?
No, it does not!
• Do the two machines have the same behaviours?
Yes, they do!
In general, Refinement does not imply simulation
State machines
A more detailed classification
Nondeterministic
Output-deterministic
Deterministic
But, we will see that any NDFSM can be transformed into an equivalent DFSM!
A more detailed classification
Nondeterministic
Output-deterministic
Deterministic
A state machine is deterministic
iff
there is only one initial state, and
for every state and every input, there is
only one successor state.
Hence, for every input signal there is exactly one run.
Deterministic FSM
Deterministic
A state machine is output-deterministic
iff
there is only one initial state,
and
for every state and every input-output pair,
there is only one successor state.
Hence, for every behavior there is exactly one run.
Output-deterministic FSM
Output-deterministic
Deterministic
If M2 is a deterministic state machine, then
M1 is simulated by M2
iff
M1 is equivalent to M2.
M1 refines M2, and M2 refines M1
Summary
If M2 is an output-deterministic state machine, then
We have a necessary condition
M1 is simulated by M2
iff
M1 refines M2.
A necessary condition
If M2 is a nondeterministic state machine, then
M1 is simulated by M2
implies
M1 refines M2.
That does not hold for general nondeterministic FSM
But …
if M2 is a nondeterministic state machine, then if
M1 is not simulated by M2
we are not able to conclude whether
M1 refines or not M2.
No necessary condition ?
Fortunately:
For every nondeterministic state machine M, we
can find an output-deterministic state machine
det(M) that is equivalent to M.
( This is called “subset construction.” )
Computing an output-deterministic equivalent FSM
Then, to check if M1 refines M2, check if M1 is
simulated by det(M2):
M1 refines M2
iff
M1 refines det(M2)
iff
M1 is simulated by det(M2).
Finding a necessary condition
Then, to check if M1 refines M2, check if M1
is simulated by det(M2):
M1 refines M2
iff
M1 refines det(M2)
iff
M1 is simulated by det(M2).
output-deterministic
Finding a necessary condition
The Subset Construction
Given: nondeterministic state machine M
Find: output-deterministic state machine
det(M) that is equivalent to M
Computing the output deterministic form
The Subset Construction
Given: nondeterministic state machine M
Find: output-deterministic state machine det(M)
that is equivalent to M
Inputs [det(M)] = Inputs [M]
Outputs [det(M)] = Outputs [M]
Computing the output deterministic form
The Subset Construction
Let initialState [ det(M) ] = possibleInitialStates [M] ;
Let States [ det(M) ] = { initialState [det(M)] } ;
Repeat as long as new transitions can be added to det(M)
Choose P∈States [det(M)] and (x,y)∈Inputs×Outputs
Q = {q∈States [M] | ∃p∈P, (q,y)∈possibleUpdates [M](p,x)}
If Q ≠ Ø then
States [det(M)] = States [det(M)] ∪ {Q} ;
update [det(M)] (P,x) = (Q,y) .
Computing the output deterministic form
Example - (continued)
1 / 1a bM
{a}det(M)
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
1 / 1a bM
{a}det(M)
0 / 0
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
1 / 1a bM
1 / 1
{a} {a,b}det(M)
0 / 0
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
1 / 1a bM
1 / 1
{a} {a,b}det(M)
0 / 0
0 / 0
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
1 / 1a bM
1 / 1
{a} {a,b}det(M)
0 / 0 1 / 1
0 / 0
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
1 / 1a bM
1 / 1
{a} {a,b}det(M)
0 / 0
{b}0 / 1
1 / 1
0 / 0
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
1 / 1a bM
1 / 1
{a} {a,b}det(M)
0 / 0
{b}
0 / 11 / 0
1 / 1
0 / 0
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
1 / 1a bM
1 / 1
{a} {a,b}det(M)
0 / 0
{b}
0 / 1
0 / 11 / 0
1 / 1
0 / 0
0 / 11 / 0
0 / 0
1 / 1
1 / 1a bM
1 / 1
{a} {a,b}det(M)
0 / 0
{b}
0 / 1
1 / 0
0 / 11 / 0
1 / 1
0 / 0
0 / 11 / 0
0 / 0
1 / 1
Example - (continued)
Test
Test