A Compositional Approach to Bisimulation of Arenas of Finite State Machines

Giordano Pola, Maria D. Di Benedetto and Elena De Santis

Department of Electrical and Information Engineering, Center of Excellence DEWS, University of L'Aquila, 67100 L'Aquila, Italy, giordano.pola,elena.desantis,mariadomenica.dibenedetto@univaq.it

This work has been partially supported by European Commission under STREP projects IFLY and HYCON 2, and by the Center of Excellence for Research DEWS, University of L'Aquila, Italy.

Copyright by the International Federation of Automatic Control (IFAC)

Abstract: Finite state machines are widely used as a sound mathematical formalism which appropriately describes large-scale distributed and complex systems, arising in many technological domains of interest. One of the key issues in the modeling and analysis of such systems is to derive formal methods that cope with their inherent complexity. In this paper we introduce a novel class of non-flat systems that we term arenas of finite state machines. Arenas of finite state machines are collections of finite state machines that interact concurrently through a communication network. By expanding the arena, a flat system is obtained which is an ordinary finite state machine. For this class of non-flat systems we propose a notion of compositional bisimulation, which allows one to check bisimulation equivalence of arenas by directly exploiting their communication networks, without the need of expanding them to the corresponding finite state machines. Computational complexity analysis of the proposed approach is discussed and an illustrative example is included in the paper.

Keywords: finite state machines, multi series composition, non-flat systems, bisimulation, compositional bisimulation.

1. INTRODUCTION

Finite state machines (FSMs) are widely used in the modeling of complex systems, ranging from computer and communication networks, automated manufacturing systems, air traffic management systems, distributed software systems, among many others, see e.g. Cassandras and Lafortune [1999], Clarke et al. [1999]. Recently, finite state machines have also been employed as a sound mathematical paradigm to describe purely continuous and hybrid systems in the context of the so-called correct-by-design embedded control software, see e.g. Alur et al. [2000], Tabuada [2009], Girard et al. [2010], Belta and Habets [2006] and the references therein.

The increasing complexity of large-scale systems, arising in many technological areas of interest, has called over the years for formal methods that can render their analysis tractable from a computational point of view. Several approaches have been proposed in the literature which include abstraction, modular verification methods, symmetry and partial order reduction, see e.g. Clarke et al. [1999]. The common goal of these approaches is to find a finite state machine which is equivalent to the original one, and with a smaller set of states.

In this paper we follow the approach from Alur and co-workers (see e.g. Alur and Yannakakis [2001], Alur et al. [1999]), which regards a complex system as a non-flat system. A non-flat system is a finite state machine, where each state can be either a basic state or a superstate (Harel [1987]), that hides inside a finite state machine or even a (sequential and/or parallel) composition of finite state machines. By expanding the superstates of a non-flat system to their corresponding finite state machines, a flat system is obtained, which is an ordinary finite state machine.

One of the early non-flat systems that appeared in the literature is that of hierarchical state machines (Alur and Yannakakis [2001]). While hierarchical finite state machines capture well the modeling features of many design languages, as for example Statecharts (Harel [1987]), they only consider sequential interaction among the finite state machines involved. Hierarchical state machines have been further generalized in Alur et al. [1999] to communicating hierarchical state machines, where finite state machines can interact not only sequentially but also concurrently, through the notion of parallel composition.

A naive approach to analyze and control such systems is to flatten them or, equivalently, to expand them to ordinary finite state machines, thus incurring an exponential growth of the state space. This method is in general computationally demanding from both the space and time complexity points of view. One challenge in this research direction is to derive formal methods for the analysis of such non-flat systems, by directly exploiting their inherent hierarchical structure at the higher level. For example, the work in Alur and Yannakakis [2001] showed that reachability problems for hierarchical finite state machines can be studied with polynomial time complexity by directly analyzing the non-flat system. Reachability problems have been studied also in Alur et al. [1999] for communicating hierarchical state machines and proved to fall in the class of exponential time and space complexity problems. Moreover, checking language and bisimulation equivalence are proved in Alur et al. [1999] to be an exponential space hard problem. This last complexity result is in line with the ones further established in Laroussinie and Schnoebelen [2000], Sawa and Jančar [2009] on space and time complexity arising in checking a range of equivalence notions in the linear time - branching time spectrum (van Glabbeek [1990]) for networks of finite state machines, modeled by parallel composition of finite state machines. In particular, these works showed that checking any equivalence relation lying between bisimilarity and trace preorder is an exponential time hard problem, as conjectured in Rabinovich [1997]. As argued in Laroussinie and Schnoebelen [2000], these results strongly suggest that there is no way to escape the state explosion problem, when checking behavioral relations and in particular bisimulation equivalence, for this class of non-flat systems.

In this paper we introduce a novel class of non-flat systems which is termed arena of finite state machines. Arenas of finite state machines are collections of finite state machines that interact concurrently, through a communication network. For this class of non-flat systems we propose a notion of compositional bisimulation which is based on the communication network governing the interaction mechanism among the FSMs. Existence of compositional bisimulations allows one to check bisimulation equivalence of arenas, without the need of expanding them to ordinary finite state machines. A computational complexity analysis is performed, which shows that checking compositional bisimulation scales as $N^2 \log(N)$ with the number $N$ of FSMs in the arena. This approach contrasts with any approach based on checking bisimulation equivalence on the FSM obtained by expanding the arena, which scales exponentially with $N$.

2. NOTATION

Given a set $A$, the symbol $2^A$ denotes the set of subsets of $A$ and the symbol $|A|$ denotes the cardinality of $A$. A set $A$ is a singleton if $|A| = 1$. Given a bijective function $f : A \to B$, the function $f^{-1} : B \to A$ denotes the unique inverse function of $f$, so that $b = f(f^{-1}(b))$ for any $b \in B$.
A relation $R \subseteq A \times B$ is said to be total if for any $a \in A$ there exists $b \in B$ so that $(a, b) \in R$ and conversely, for any $b \in B$ there exists $a \in A$ so that $(a, b) \in R$. The relation $R$ is the identity relation if it is total and $(a, b) \in R$ if and only if $a = b$.

3. FINITE STATE MACHINES AND EQUIVALENCE NOTIONS

In this paper we consider finite state machines in the formulation of Moore [1956] where states are labeled with outputs and transitions are labeled with inputs.

Definition 3.1. (Bustan and Grumberg [2001]) A Finite State Machine (FSM) is a tuple

$M = (X, X^0, U, Y, H, \longrightarrow)$, (1)

where:
$X$ is a finite set of states;
$X^0 \subseteq X$ is a set of initial states;
$U$ is a finite set of input symbols;
$Y$ is a finite set of output symbols;
$H : X \to 2^Y$ is an output map;
$\longrightarrow \subseteq X \times 2^U \times X$ is a transition relation.

The above definition differs from the classical ones given for Moore FSMs, which usually model the transition relation as a subset of $X \times U \times X$ and the output map $H$ as a function from $X$ to $Y$. In the sequel we show the benefits of this formulation when modeling multiple interactions of finite state machines. In this paper we denote a transition $(x, u, x')$ of $M$ by $x \xrightarrow{u} x'$. By definition of $\longrightarrow$, a transition of the form $x \xrightarrow{\emptyset} x'$ is allowed. Such a transition is regarded as private or internal to the FSM. Analogously for a state $x \in X$, $H(x) = \emptyset$ is allowed, meaning that state $x$ is not visible from the external environment.

Several notions of equivalence have been introduced for the class of finite state machines, see e.g. van Glabbeek [1990]. In this paper we focus on the notion of bisimulation equivalence (Milner [1989], Park [1981]). Bisimulation equivalence is widely used, as a tool to mitigate complexity of verification and control design of large scale complex systems, see e.g. Clarke et al. [1999]. Intuitively a bisimulation relation between a pair of FSMs $M_1$ and $M_2$ is a relation between the corresponding sets of states explaining how a state run of $M_1$ can be transformed into a state run of $M_2$ and vice versa. We first recall the notion of isomorphism.

Definition 3.2. Finite state machines $M_i = (X_i, X_i^0, U_i, Y_i, H_i, \longrightarrow_i)$ $(i = 1, 2)$ are isomorphic, denoted $M_1 \cong_{iso} M_2$, if there exists a bijective function $T : X_1 \to X_2$ so that:
$X_2^0 = T(X_1^0)$;
for any $x_1 \in X_1$, $H_1(x_1) = H_2(T(x_1))$;
$x_1 \xrightarrow{u}_1 x_1'$ if and only if $T(x_1) \xrightarrow{u}_2 T(x_1')$.

The notion of isomorphism is an equivalence relation on the class of finite state machines. The notions of simulation and bisimulation relations are reported hereafter.

Definition 3.3. Given a pair of finite state machines $M_i = (X_i, X_i^0, U_i, Y_i, H_i, \longrightarrow_i)$ $(i = 1, 2)$, a relation $R \subseteq X_1 \times X_2$ is a simulation relation from $M_1$ to $M_2$ if the following conditions are satisfied:
(i) for any $x_1^0 \in X_1^0$ there exists $x_2^0 \in X_2^0$ so that $(x_1^0, x_2^0) \in R$;
(ii) for any $(x_1, x_2) \in R$, $H_1(x_1) = H_2(x_2)$;
(iii) for any $(x_1, x_2) \in R$, existence of $x_1 \xrightarrow{u_1}_1 x_1'$ implies existence of $x_2 \xrightarrow{u_2}_2 x_2'$ so that $u_1 = u_2$ and $(x_1', x_2') \in R$.

The FSM $M_1$ is simulated by the FSM $M_2$, or equivalently $M_2$ simulates $M_1$, denoted $M_1 \preceq M_2$, if there exists a simulation relation from $M_1$ to $M_2$.

Definition 3.4. Given a pair of finite state machines $M_i = (X_i, X_i^0, U_i, Y_i, H_i, \longrightarrow_i)$ $(i = 1, 2)$, a relation $R \subseteq X_1 \times X_2$ is a bisimulation relation between $M_1$ and $M_2$ if:
(i) $R$ is a simulation relation from $M_1$ to $M_2$;
(ii) $R^{-1}$ is a simulation relation from $M_2$ to $M_1$.

Finite state machines $M_1$ and $M_2$ are bisimilar, denoted $M_1 \cong M_2$, if there exists a bisimulation relation between $M_1$ and $M_2$. From the above definition it is readily seen that isomorphism implies bisimulation equivalence, while the converse implication is not true in general. Bisimulation equivalence is an equivalence relation on the class of finite state machines. Given a pair of FSMs $M_1$ and $M_2$, the maximal bisimulation relation between $M_1$ and $M_2$ is a bisimulation relation $R^*(M_1, M_2)$ so that $R \subseteq R^*(M_1, M_2)$ for any bisimulation relation $R$ between $M_1$ and $M_2$. The maximal bisimulation relation exists and is unique. The quotient (Clarke et al. [1999]) of an FSM $M$ induced by $R^*(M, M)$ is the minimal (in terms of cardinality of the set of states) bisimilar FSM of $M$. The minimal bisimilar FSM of an FSM $M$, denoted $M_{\min}(M)$, exists and is unique up to isomorphism.

Lemma 3.5. If $M_{\min}(M_1) \cong M_{\min}(M_2)$ then $M_1 \cong_{iso} M_2$.

Efficient algorithms for computing bisimulation equivalence of FSMs have been extensively studied in the literature, see e.g. Paige and Tarjan [1987], Dovier et al. [2004], Hopcroft [1971], Clarke et al. [1999] and the references therein. We conclude this section with a simple example.

Example 3.6. Consider the finite state machines $F_1$ and $F_4$ in Figures 2(a) and 2(d). Each circle denotes a state and each edge a transition. In each circle, the upper symbol denotes the state and the lower symbol the output set associated with the state; symbols labeling edges denote the input sets associated with the transitions. It is readily seen that the maximal bisimulation relation between $F_1$ and $F_4$ is $R^*(F_1, F_4) = \{(1, 8), (1, 11), (2, 9), (2, 10)\}$. Hence, $F_1$ and $F_4$ are bisimilar. Analogously, it is possible to show that $F_3 \cong F_5$ and $F_2 \cong F_6$.

4. ARENAS OF FINITE STATE MACHINES

In this section we introduce a novel class of non-flat systems in the spirit of the work of Alur and Yannakakis [2001], Alur et al. [1999], which we term Arenas of Finite State Machines (AFSMs). AFSMs are collections of finite state machines that interact concurrently through a communication network. The syntax of an AFSM is specified by a directed graph $A = (V, E)$, where:
$V$ is a collection of $N$ finite state machines $M_i = (X_i, X_i^0, U_i, Y_i, H_i, \longrightarrow_i)$;
$E \subseteq V \times V$ describes the communication network of the FSMs $M_i$.

When expanding the AFSM $A$, a flat system is obtained which is the ordinary finite state machine $M(A) = (X, X^0, U, Y, H, \longrightarrow)$, where:
$X = X_1 \times X_2 \times \dots \times X_N$ is the set of states;
$X^0 = X_1^0 \times X_2^0 \times \dots \times X_N^0$ is the set of initial states;
$U = \bigcup_{M_i \in V} U_i$ is the set of input symbols;
$Y = \bigcup_{M_i \in V} Y_i$ is the set of output symbols;
$H$ is the output function so that $H((x_1, x_2, \dots, x_N)) = \bigcup_{M_i \in V} H_i(x_i)$, for any $(x_1, x_2, \dots, x_N) \in X$;
$\longrightarrow \subseteq X \times 2^U \times X$ is the transition relation so that $(x_1, x_2, \dots, x_N) \xrightarrow{u} (x_1', x_2', \dots, x_N')$, whenever the following conditions are satisfied:
(i) $x_i \xrightarrow{u_i}_i x_i'$ is a transition of $M_i$;
(ii) $u = \bigcup_{i \in \{1, 2, \dots, N\}} \left( u_i \setminus \left( \bigcup_{j \in \mathrm{Pre}(A, M_i)} H_j(x_j) \right) \right)$, where $\mathrm{Pre}(A, M_i) = \{ j \in V \mid (M_j, M_i) \in E \}$.

Finite state machine $M(A)$ specifies the semantics of the AFSM $A$. Such semantics is given through a notion of composition of FSMs that can be regarded as a notion of parallel composition (Clarke et al. [1999]) as specified by condition (i), which respects the topology of the AFSM communication network through condition (ii).

5. COMPOSITIONAL BISIMULATION OF ARENAS OF FINITE STATE MACHINES

5.1 Compositional Bisimulation

A naive approach to check bisimulation equivalence of AFSMs $A^1$ and $A^2$ consists in first expanding them to the corresponding FSMs $M(A^1)$ and $M(A^2)$ and then applying standard bisimulation algorithms (see e.g. Paige and Tarjan [1987], Dovier et al. [2004], Hopcroft [1971]). The main practical limitation of this approach resides in the well known state explosion problem, see e.g. Laroussinie and Schnoebelen [2000], Sawa and Jančar [2009]. In fact, according to the semantics of AFSMs, any bisimulation algorithm that applies to the flat systems $M(A^i)$ of the AFSMs scales exponentially with the number of the FSMs involved in the AFSM. Inspired by the work of Alur and Yannakakis [2001], Alur et al. [1999], in this section we propose an alternative approach to check bisimulation equivalence of AFSMs. The notion of isomorphism between FSMs in Definition 3.2 can be easily adapted to AFSMs, as follows.

Definition 5.1. Two arenas $A^j = (V^j, E^j)$ of FSMs $M_1^j, M_2^j, \dots, M_{N_j}^j$ $(j = 1, 2)$ are isomorphic if there exists a bijective function $T : V^1 \to V^2$ so that:
$M_i^1 \in V^1$ and $T(M_i^1) \in V^2$ are isomorphic;
$(M_i^1, M_{i'}^1) \in E^1$ if and only if $(T(M_i^1), T(M_{i'}^1)) \in E^2$.

We can now introduce the central notion of this paper that extends the notion of bisimulation equivalence from FSMs to arenas of FSMs.

Definition 5.2. Given a pair of arenas $A^j = (V^j, E^j)$ of FSMs $M_1^j, M_2^j, \dots, M_{N_j}^j$ $(j = 1, 2)$, a relation $R \subseteq V^1 \times V^2$ is a compositional bisimulation relation between $A^1$ and $A^2$ if for any $(M_i^1, M_j^2) \in R$ the following conditions are satisfied:
(i) $M_i^1 \cong M_j^2$;
(ii) existence of $(M_i^1, M_{i'}^1) \in E^1$ implies existence of $(M_j^2, M_{j'}^2) \in E^2$ so that $(M_{i'}^1, M_{j'}^2) \in R$;
(iii) existence of $(M_j^2, M_{j'}^2) \in E^2$ implies existence of $(M_i^1, M_{i'}^1) \in E^1$ so that $(M_{i'}^1, M_{j'}^2) \in R$.

AFSMs $A^1$ and $A^2$ are compositionally bisimilar, denoted $A^1 \cong_c A^2$, if there exists a total compositional bisimulation relation between $A^1$ and $A^2$. Basic facts on bisimulation equivalence of FSMs recalled in Section 3 can be adapted to compositional bisimulation of AFSMs, as follows. The notion of compositional bisimulation is an equivalence relation on the class of AFSMs. Given a pair of AFSMs $A^1$ and $A^2$, the maximal compositional bisimulation relation between $A^1$ and $A^2$ is a compositional bisimulation relation $R^*(A^1, A^2)$ so that $R \subseteq R^*(A^1, A^2)$ for any compositional bisimulation relation $R$. The quotient (footnote 1) of an AFSM $A$ induced by $R^*(A, A)$ is the minimal (in terms of the number of the FSMs involved) compositionally bisimilar AFSM of $A$. The minimal AFSM of an AFSM $A$, denoted $A_{\min}(A)$, exists and is unique, up to isomorphisms.

Footnote 1. In the next section we show how quotients of AFSMs induced by compositional bisimulation can be computed as quotients of appropriate FSMs induced by ordinary bisimulation.

We are now ready to present the main result of this paper, which shows that the notion of compositional bisimulation of AFSMs conforms to the notion of bisimulation of the corresponding flat systems.

Theorem 5.3. If AFSMs $A^1 \cong_c A^2$ then FSMs $M(A^1) \cong M(A^2)$.

The above result is important because it provides a method to assess bisimulation equivalence of AFSMs $A^i$ without expanding them to the corresponding FSMs $M(A^i)$. The following example shows that the converse implication, i.e. that $M(A^1) \cong M(A^2)$ implies $A^1 \cong_c A^2$, does not hold.

Example 5.4. Consider four FSMs $M_i = (X_i, X_i^0, U_i, Y_i, H_i, \longrightarrow_i)$, where each $M_i$ is characterized by the unique transition $x_i^0 \xrightarrow{u_i}_i x_i$, where:
$M_1$ $M_2$ $M_3$ $M_4$
$u_i$: {b, d} {a, d}
$H_i(x_i^0)$: {b, e}
$H_i(x_i)$: {f} {f} {f} {f}

Consider a pair of AFSMs $A^1 = (V^1, E^1)$ and $A^2 = (V^2, E^2)$, depicted in Figure 1, where $V^1 = \{M_1, M_2, M_3\}$, $E^1 = \{(M_1, M_3), (M_2, M_3)\}$, $V^2 = \{M_2, M_4\}$ and $E^2 = \{(M_2, M_4)\}$. It is easy to see that the FSM $M(A^1)$ is composed of the unique transition $(x_1^0, x_2^0, x_3^0) \xrightarrow{\{a,c\}} (x_1, x_2, x_3)$, with output function $H^1$ defined by $H^1(x_1^0, x_2^0, x_3^0) = \{b, d, e\}$ and $H^1(x_1, x_2, x_3) = \{f\}$. Moreover, the FSM $M(A^2)$ is characterized by the unique transition $(x_2^0, x_4^0) \xrightarrow{\{a,c\}} (x_2, x_4)$, with output function $H^2$ defined by $H^2(x_2^0, x_4^0) = \{b, d, e\}$ and $H^2(x_2, x_4) = \{f\}$. Hence, FSMs $M(A^1)$ and $M(A^2)$ are bisimilar. On the other hand, it is easy to see that FSM $M_4$ is not bisimilar with any FSM $M_i$, $i = 1, 2, 3$. Hence, $A^1$ and $A^2$ are not compositionally bisimilar.

Fig. 1. AFSM $A^1$ on the left and AFSM $A^2$ on the right.

Fig. 2. Panels: (a) $F_1$, (b) $F_2$, (c) $F_3$, (d) $F_4$, (e) $F_5$, (f) $F_6$.

Theorem 5.3 can be used to reduce the size of AFSMs by compositional bisimulation, as follows. Given $A$, we recall that $M_{\min}(M(A))$ denotes the minimal bisimilar FSM of $M(A)$ and $A_{\min}(A)$ denotes the minimal compositionally bisimilar AFSM of $A$.

Theorem 5.5. $M_{\min}(M(A)) \cong_{iso} M_{\min}(M(A_{\min}(A)))$.

The above result suggests a method to employ compositional bisimulation for complexity reduction of AFSMs, as follows:
Compute the relation $R^*(A, A)$;
Compute the quotient $A_{\min}(A)$;
Expand the non-flat system $A_{\min}(A)$ to the FSM $M(A_{\min}(A))$;
Compute the relation $R^*(M(A_{\min}(A)), M(A_{\min}(A)))$;
Compute the quotient $M_{\min}(M(A_{\min}(A)))$.

The benefits of the above procedure in computing bisimulation equivalence between AFSMs are quantified in the next section, through a computational complexity analysis, and illustrated in Section 6 through an example.
5.2 Computation and Complexity Analysis

Semantics of AFSMs is different from the one of FSMs because vertices of the first correspond to FSMs which interact concurrently, while states of the second can be regarded as static processes that interact sequentially. Syntax of AFSMs instead, can be reformulated in terms of syntax of FSMs. Consider a pair of AFSMs $A^j = (V^j, E^j)$ $(j = 1, 2)$ and define the tuple:

$M^{A^j} = (X_{A^j}, X^0_{A^j}, U_{A^j}, Y_{A^j}, H_{A^j}, \longrightarrow_{A^j})$, (2)

where:
$X_{A^j} = V^j$;
$X^0_{A^j} = V^j$;
$U_{A^j} = \{u\}$;
$Y_{A^j} = V^1 \cup V^2$;
$H_{A^j} : X_{A^j} \to Y_{A^j}$ is so that $H_{A^j}(M_i) = H_{A^{j'}}(M_k)$ for $j, j' \in \{1, 2\}$ if and only if $M_i \cong M_k$;
$\longrightarrow_{A^j} \subseteq X_{A^j} \times 2^{U_{A^j}} \times X_{A^j}$, so that $M_i \xrightarrow{\{u\}}_{A^j} M_k$, if $(M_i, M_k) \in E^j$.

Fig. 3. States shown: (1,3,5), (2,4,7), (2,4,6), (1,3,6), (1,3,7), (2,4,5).

The syntax of the tuple in (2) is the same as the one of FSMs from which, the following result holds.

Proposition 5.6. Consider a pair of AFSMs $A^1$ and $A^2$. Then $A^1 \cong_c A^2$ if and only if $M^{A^1} \cong M^{A^2}$.

The above result is important because it implies that existing algorithms for checking bisimulation equivalence of FSMs (see e.g. Paige and Tarjan [1987], Dovier et al. [2004], Hopcroft [1971]) can be used to check compositional bisimulation of AFSMs. We conclude this section by discussing computational complexity in checking compositional bisimulation. Consider a pair of AFSMs $A^j = (V^j, E^j)$ $(j = 1, 2)$ of FSMs $M_i^j = (X_i^j, X_i^{0,j}, U_i^j, Y_i^j, H_i^j, \longrightarrow_i^j)$, $(i = 1, 2, \dots, N_j)$.

Proposition 5.7. Time complexity for checking compositional bisimulation between $A^1$ and $A^2$ is O((N 1 N 2 ) 2 log(n 1 N 2 )).

Proposition 5.8. Space complexity in checking compositional bisimulation between AFSMs $A^1$ and $A^2$ is O( A 1 A 2 ), where: A j = V j E i M j i V M j i, M j i = Xj i U j i Y j i j i.

6. AN ILLUSTRATIVE EXAMPLE

Consider an arena $A = (V, E)$ of nine FSMs $M_i$, where:
$M_1$ and $M_8$ coincide with $F_1$ in Figure 2(a);
$M_2$ and $M_7$ coincide with $F_2$ depicted in Figure 2(b);
$M_5$ coincides with $F_3$ in Figure 2(c);
$M_3$ and $M_6$ coincide with $F_4$ in Figure 2(d);
$M_9$ coincides with $F_5$ depicted in Figure 2(e);
$M_4$ coincides with $F_6$ depicted in Figure 2(f).

Arena $A$ is depicted in Figure 4 (Left Panel). In the following we face the problem of computing the minimal bisimilar FSM $M_{\min}(M(A))$ of $M(A)$. To this purpose we apply Theorem 5.5.
We first construct the maximal compositional bisimulation relation $R^*(A, A)$ between $A$ and itself. By Example 3.6, $F_1 \cong F_4$, $F_3 \cong F_5$, and $F_2 \cong F_6$. By the transitivity property of bisimulation equivalence, finite state machines $M_i$ in $A$ are so that $M_1 \cong M_3 \cong M_6 \cong M_8$, $M_5 \cong M_9$, and $M_2 \cong M_4 \cong M_7$. A straightforward computation reveals that the resulting maximal compositional bisimulation $R^*(M, M)$ is composed of the pairs $(M_i, M_j) \in R^*(M, M)$ for which $i, j \in \{1, 3, 6, 8\}$ or $i, j \in \{2, 5, 9\}$ or $i, j \in \{2, 4\}$. The quotient $A_{\min}(A)$ of $A$ induced by $R^*(A, A)$ has been constructed and it is easy to see that it is isomorphic to the arena depicted in Figure 4 (Right Panel). By expanding the arena $A_{\min}(A)$, the FSM $M(A_{\min}(A))$ has been constructed and reported in Figure 3 (footnote 2). It is readily seen that the maximal bisimulation relation $R^*(M(A_{\min}(A)), M(A_{\min}(A)))$ is the identity relation, and hence $M_{\min}(A_{\min}(A)) = M(A_{\min}(A))$.

Footnote 2. In fact, the FSM depicted in Figure 3 is the accessible part (Cassandras and Lafortune [1999]) of $M(A_{\min}(A))$.

An approach to reduction by bisimulation of the arena $A$, based on expanding the arena $A$, requires running the bisimulation algorithm on the FSM $M(A)$, which consists of 49,152 states. The approach presented in this paper requires running the bisimulation algorithm:
(i) on the collection of FSMs $F_i$ composing the arena $A$, whose sets of states sum up to 28 states;
(ii) on the FSM $M^A$ induced by the arena $A$, whose states are 9;
(iii) on the FSM $M(A_{\min}(A))$ whose states are 6.

Fig. 4.

7. CONCLUSION

In this paper we introduced a novel class of non-flat systems which we called arenas of finite state machines. For this class of non-flat systems we proposed a notion of compositional bisimulation. Existence of compositional bisimulations provides a method to assess bisimulation equivalence between AFSMs without expanding them to the corresponding FSMs and hence, without incurring the state explosion problem. The computational effort in checking compositional bisimulation scales as $N^2 \log(N)$ with the number $N$ of FSMs involved in the AFSMs, while the computational effort in checking ordinary bisimulation on the corresponding expanded FSMs scales exponentially with $N$. Future work will focus on generalizations of the results presented here to non-flat systems exhibiting more general compositional features, as for example the class of Communicating Hierarchical Finite State Machines introduced in Alur et al. [1999], which combine parallel and sequential composition.

Acknowledgement: The authors would like to thank Alberto Sangiovanni Vincentelli for fruitful discussions on the topic of this paper.

REFERENCES

Alur, R., Henzinger, T.A., Lafferriere, G., and Pappas, G.J. (2000). Discrete abstractions of hybrid systems. Proceedings of the IEEE, 88, 971-984.

Alur, R., Kannan, S., and Yannakakis, M. (1999). Communicating hierarchical state machines. In Computer Science Automata, Languages and Programming, volume 1644 of Lecture Notes in Computer Science, 169-178. Springer-Verlag.

Alur, R. and Yannakakis, M. (2001). Model checking of hierarchical state machines. ACM Transactions on Programming Languages and Systems, 23(3), 273-303.

Belta, C. and Habets, L. (2006). Controlling a class of nonlinear systems on rectangles. IEEE Transactions of Automatic Control, 51(11), 1749-1759.

Bustan, D. and Grumberg, O. (2001). Modular Minimization of Deterministic Finite State Machines. In 6th International Workshop on Formal Methods for Industrial Critical Systems, volume 6, 163-178. Paris, France.

Cassandras, C. and Lafortune, S. (1999). Introduction to Discrete Event Systems. Kluwer Academic Publishers.

Clarke, E., Grumberg, O., and Peled, D. (1999). Model Checking. MIT Press.

Dovier, A., Piazza, C., and Policriti, A. (2004). An efficient algorithm for computing bisimulation. Theoretical Computer Science, 311(1-3), 221-256.

Girard, A., Pola, G., and Tabuada, P. (2010). Approximately bisimilar symbolic models for incrementally stable switched systems. IEEE Transactions of Automatic Control, 55(1), 116-126.

Harel, D. (1987). Statecharts: A visual formalism for complex systems. Science of Computer Programming, 8, 231-274.

Hopcroft, J. (1971). An n log(n) algorithm for minimizing states in a finite automaton. In Z. Kohavi and A. Paz (eds.), Theory of Machines and Computations. Academic Press, New York.

Laroussinie, F. and Schnoebelen, P. (2000). The state explosion problem from trace to bisimulation equivalence. In Foundations of Software Science and Computation Structures, volume 1784 of Lecture Notes in Computer Science, 192-207. Springer-Verlag.

Milner, R. (1989). Communication and Concurrency. Prentice Hall.

Moore, E. (1956). Gedanken experiments on sequential machines. In C. Shannon and J. McCarthy (eds.), Annals of Mathematics Studies, volume 34 of Automata Studies, 129-153. Princeton University Press, Princeton, NJ.

Paige, R. and Tarjan, R. (1987). Three partition refinement algorithms. SIAM Journal on Computing, 16(6), 987-989.

Park, D. (1981). Concurrency and automata on infinite sequences. volume 104 of Lecture Notes in Computer Science, 167-183.

Rabinovich, A. (1997). Complexity of equivalence problems for concurrent systems of finite agents. Information and Computation, 139(2), 111-129.

Sawa, Z. and Jančar, P. (2009). Hardness of equivalence checking for composed finite-state systems. Acta Informatica, 46(3), 169-191.

Tabuada, P. (2009). Verification and Control of Hybrid Systems: A Symbolic Approach. Springer.

van Glabbeek, R. (1990). The linear time - branching time spectrum. In CONCUR '90 Theories of Concurrency: Unification and Extension, volume 458 of Lecture Notes in Computer Science, 278-297. Springer-Verlag.