State Machines Behaviorsand Equivalenceretis.sssup.it/~marco/files/lesson7-state_machines... ·...

State Machines

Behaviors and Equivalence

Derived from original set by L. Palopoli @ Uni Trento

Marco Di [email protected]

State Machines: Behaviors

A behavior of a state machine is a pair (x, y) where x is an input sequence and y is a corresponding output sequence:

Behaviors = {(x, y)∈[Naturals0->Inputs]×[Naturals0->Outputs] | y is a possible output sequence for the input x}

Deterministic behaviours

Deterministic SM:

for every input signal, there is exactly one output

signal.

DetSys : [ Nats → Inputs ] → [ Nats → Outputs ]

Behaviors are Functions:

Nondeterministic behaviours

Nondeterministic Reactive System:

for every input signal, there is one or more output signals.

NondetSys ⊆ [ Nats → Inputs ] × [ Nats → Outputs ]

such that ∀ x ∈ [ Nats → Inputs ],

∃ y ∈ [ Nats → Outputs ], (x,y) ∈ NondetSys

Behaviours are binary relations:

Every pair (x,y) ∈ NondetSys is called a behavior.

Comparing Behaviors

The behaviors of two automata can be put in a relationship

of Refinement (conversely, Abstraction)

The definition of “abstraction” has slightly different meanings

(see OO modeling and design or layered architectures).

Here it refers to formal relationships among behaviors.

System S1 refines system S2

iff

1. Time [S1] = Time [S2] ,

2. Inputs [S1] = Inputs [S2] ,

3. Outputs [S1] = Outputs [S2] ,

4. Behaviors [S1] ⊆ Behaviors [S2] .

S1 is a more detailed description of S2;

S2 is an abstraction or property of S1.

Refinement

Equivalence

Systems S1 and S2 are equivalent

iff

1. Time [S1] = Time [S2] ,

2. Inputs [S1] = Inputs [S2] ,

3. Outputs [S1] = Outputs [S2] ,

4. Behaviors [S1] = Behaviors [S2] .

Same as two-way abstraction/refinement

An example

0

1 2

3

45

0/3

1/4

2/5{1}/1

{1}/1

{1}/0

{1}/1

{1}/1{1}/0

{1}/1

{1}/0

{1}/1A abstracts B

B abstracts A

0 1to5

{1}/1

{1}/1

{1}/0

C abstracts A

C abstracts B

Comparing Behaviors

Ok, this is intuitive, but how can you formally prove

refinement/abstraction ?

…and why is this important? (follows…)

It turns out that formally proving refinement abstraction in the

most general case (nondeterministic FSM) is not easy

Another relation between automata that is related to their

behavior is the possibility of establishing a simulation of

bisimulation relation

Simulation (bisimulation) can be proved by construction, but

in general does not imply refinement (more difficult to prove)

Simulation: a matching game ….

0

1 2

3

45

{1}/1

{1}/1

{1}/0

{1}/1

{1}/1{1}/0

0 1to5

{1}/1

{1}/1

{1}/0

C abstracts A

Is C simulating A?

Start with both machines in the initial state

A matching game ….

0

1 2

3

45

{1}/1

{1}/1

{1}/0

{1}/1

{1}/1{1}/0

0 1to5

{1}/1

{1}/1

{1}/0

Pick any possible reaction of the first machine, the second machine must react to the same input symbol with the same output


0

1 2

3

45

{1}/1

{1}/1

{1}/0

{1}/1

{1}/1{1}/0

0 1to5

{1}/1

{1}/1

{1}/0

… and so on from the new state in A and B.

If B can always match the {input, output} pair of A “wins” (it is an abstraction)


0

1 2

3

45

{1}/1

{1}/1

{1}/0

{1}/1

{1}/1{1}/0

0 1to5

{1}/1

{1}/1

{1}/0

The set of state pairs that are matched by this game are called a “simulation relation”

s0

= (0,0) ∈ statesA

× statesC

s1

= (1,1to5) ∈ statesA

× statesC

Simulation: definition

A binary relation S ⊆ States [M1] × States [M2] is a simulation of

M1 by M2 iff

1. ∀ p ∈ possibleInitialStates [M1] ,

∃ q ∈ possibleInitialStates [M2], (p, q) ∈ S and

2. if (p, q) ∈ S, with p ∈ States [M1] and q ∈ States [M2]

then ∀ x ∈ Inputs and ∀ (p’, y) ∈ possibleUpdates [M1] (p, x)

there ∃ q’ ∈ States [M2] such that

(q’, y) ∈ possibleUpdates [M2] (q, x) and (p’, q’) ∈ S .

Sufficient condition for refinement

Theorem :

The nondeterministic state machine M1 refines the nondeterministic state machine M2

if

there exists a simulation of M1 by M2 .

condition on behaviors

relation between states

simulation → abstraction

Sufficient but not necessary

Theorem :

The nondeterministic state machines M1 refines the nondeterministic state machine M2

if

there exists a simulation of M1 by M2 .

Not “if-and-only-if” ! Not symmetric !

(We say that “M2 simulates M1”.)

simulation ↔ abstraction

¬simulation → ¬ abstraction

Intuition

• The theorem simply states that M2 can match every

move of M1 producing the same output

• Moreover, if M2 cannot produce an output sequence, neither can M1, as stated below:

Corollary:

Let M2 simulate M1. If (x,y)∉BehavioursM2

then

(x,y)∉ BehavioursM1

.

Example

Channel that drops every third zero

Nats0

→ Bins

Nats0

→ Bins

0 1 1 0 0 0 1 1 … 0 1 1 0 0 ⊥ 1 1 …ThirdZero

Example - (continued)

State between time t-1 and t:

3 third zero from now will be dropped

2 second zero from now will be dropped

1 next zero will be dropped

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1


ThirdZero refines NotTwice

a b0 / 01 / 1

0 / 0

1 / ⊥0 / ⊥

1 / 1

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1


ThirdZero is simulated by NotTwice

a b0 / 01 / 1

0 / 0

1 / ⊥0 / ⊥

1 / 1

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1

Simulation

S = { (3,b),



a b 0 / 01 / 1

0 / 0

1 / ⊥0 / ⊥

1 / 1

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1

Simulation

S = {

(3,b),

(2,b),

a b 0 / 01 / 1

0 / 0

1 / ⊥0 / ⊥

1 / 1

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1

Simulation

S = { (3,b),

(2,b),

(1,b),



a b 0 / 01 / 1

0 / 0

1 / ⊥0 / ⊥

1 / 1

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1

Simulation

S = { (3,b),

(2,b),

(1,b),

(3,a) }



a b 0 / 01 / 1

0 / 0

1 / ⊥0 / ⊥

1 / 1

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1


ThirdZero is not simulated by NotTwice


NotTwice is not simulated by ThirdZero

a b 0 / 01 / 1

0 / 0

1 / ⊥0 / ⊥

1 / 1

1 32

0 / ⊥

0 / 00 / 0

1 / 1 1 / 11 / 1

X 0 / ⊥

Remark

• If M2 satisfies a property, so does M1

• For instance, insofar as the property not-twice, is of interest, we can prove it on NotTwice and it also applies to ThirdZero

Remark 1

If M2 is a deterministic state machine, then

M1 is simulated by M2

iff

M1 is equivalent to M2.

Remark 2

If M2 is a nondeterministic state machine, then


implies

M1 refines M2,

but M2 may not refine M1.

( Recall M1 = ThirdZero and M2 = NotTwice .)

Refinement but not simulation

a b

c

d

{1}/1

{1}/1

{1}/0

a

h

c

d{1}/1

{1}/1

{1}/0

f{1}/1

• Does the second simulate the first?

No, it does not!

• Do the two machines have the same behaviours?

Yes, they do!

In general, Refinement does not imply simulation

State machines

A more detailed classification

Nondeterministic

Output-deterministic

Deterministic

But, we will see that any NDFSM can be transformed into an equivalent DFSM!

A more detailed classification

Nondeterministic


Deterministic

A state machine is deterministic

iff

there is only one initial state, and

for every state and every input, there is

only one successor state.

Hence, for every input signal there is exactly one run.

Deterministic FSM

Deterministic

A state machine is output-deterministic

iff

there is only one initial state,

and

for every state and every input-output pair,

there is only one successor state.

Hence, for every behavior there is exactly one run.

Output-deterministic FSM


Deterministic

If M2 is a deterministic state machine, then


iff

M1 is equivalent to M2.

M1 refines M2, and M2 refines M1

Summary

If M2 is an output-deterministic state machine, then

We have a necessary condition


iff

M1 refines M2.

A necessary condition

If M2 is a nondeterministic state machine, then


implies

M1 refines M2.

That does not hold for general nondeterministic FSM

But …

if M2 is a nondeterministic state machine, then if

M1 is not simulated by M2

we are not able to conclude whether

M1 refines or not M2.

No necessary condition ?

Fortunately:

For every nondeterministic state machine M, we

can find an output-deterministic state machine

det(M) that is equivalent to M.

( This is called “subset construction.” )

Computing an output-deterministic equivalent FSM

Then, to check if M1 refines M2, check if M1 is

simulated by det(M2):

M1 refines M2

iff

M1 refines det(M2)

iff

M1 is simulated by det(M2).

Finding a necessary condition

Then, to check if M1 refines M2, check if M1

is simulated by det(M2):

M1 refines M2

iff

M1 refines det(M2)

iff

M1 is simulated by det(M2).

output-deterministic

Finding a necessary condition

The Subset Construction

Given: nondeterministic state machine M

Find: output-deterministic state machine

det(M) that is equivalent to M

Computing the output deterministic form


Given: nondeterministic state machine M

Find: output-deterministic state machine det(M)

that is equivalent to M

Inputs [det(M)] = Inputs [M]

Outputs [det(M)] = Outputs [M]



Let initialState [ det(M) ] = possibleInitialStates [M] ;

Let States [ det(M) ] = { initialState [det(M)] } ;

Repeat as long as new transitions can be added to det(M)

Choose P∈States [det(M)] and (x,y)∈Inputs×Outputs

Q = {q∈States [M] | ∃p∈P, (q,y)∈possibleUpdates [M](p,x)}

If Q ≠ Ø then

States [det(M)] = States [det(M)] ∪ {Q} ;

update [det(M)] (P,x) = (Q,y) .



1 / 1a bM

{a}det(M)

0 / 11 / 0

0 / 0

1 / 1


1 / 1a bM

{a}det(M)

0 / 0

0 / 11 / 0

0 / 0

1 / 1


1 / 1a bM

1 / 1

{a} {a,b}det(M)

0 / 0

0 / 11 / 0

0 / 0

1 / 1


1 / 1a bM

1 / 1

{a} {a,b}det(M)

0 / 0

0 / 0

0 / 11 / 0

0 / 0

1 / 1


1 / 1a bM

1 / 1

{a} {a,b}det(M)

0 / 0 1 / 1

0 / 0

0 / 11 / 0

0 / 0

1 / 1


1 / 1a bM

1 / 1

{a} {a,b}det(M)

0 / 0

{b}0 / 1

1 / 1

0 / 0

0 / 11 / 0

0 / 0

1 / 1


1 / 1a bM

1 / 1

{a} {a,b}det(M)

0 / 0

{b}

0 / 11 / 0

1 / 1

0 / 0

0 / 11 / 0

0 / 0

1 / 1


1 / 1a bM

1 / 1

{a} {a,b}det(M)

0 / 0

{b}

0 / 1

0 / 11 / 0

1 / 1

0 / 0

0 / 11 / 0

0 / 0

1 / 1

1 / 1a bM

1 / 1

{a} {a,b}det(M)

0 / 0

{b}

0 / 1

1 / 0

0 / 11 / 0

1 / 1

0 / 0

0 / 11 / 0

0 / 0

1 / 1


State Machines Behaviorsand Equivalenceretis.sssup.it/~marco/files/lesson7-state_machines... ·...

Documents

Transcript of State Machines Behaviorsand Equivalenceretis.sssup.it/~marco/files/lesson7-state_machines... ·...