QUESTIONS OF OPERABILITY CHECKING AND FAULT FINDING IN FINITE AUTOMATA
Submitted 1965-01-01 | RussiaRxiv: ru-196501.85813 | Translated from Russian


CYBERNETICS AND CONTROL THEORY

V. V. KARIBSKII, P. P. PARKHOMENKO, E. S. SOGOMONIAN

QUESTIONS OF OPERABILITY CHECKING AND FAULT FINDING IN FINITE AUTOMATA

(Presented by Academician V. A. Trapeznikov on 30 IX 1964)

In the operation of complex discrete devices with memory (finite automata), the problem arises of checking their operability (construction of checking tests) and of finding faults in them (construction of diagnostic tests).

One of the directions in the theory of experiments on finite automata \((^{1-3})\) considers the problem of identifying an unknown automaton from a given class of automata by applying sequences of input symbols and observing the reactions of the unknown automaton. For purposes of checking the operability of automata, the problem is posed as follows. For a fault-free automaton \(M_0\), a list of \(n\) faults is specified, each of which changes in one way or another the transition diagram (or table) of the fault-free automaton. Each such diagram corresponds to some automaton \(M_i,\ i = 1,\ldots,n\). Then the problem of operability checking or of fault finding reduces to determining which automaton from the class of automata \(\{M_0, M_1,\ldots,M_n\}\) is in the experimenter’s possession. In \((^3)\) a solution of this problem is given for the case when the automata obtained for a specified list of faults constitute the so-called exclusive class of automata, whose characteristic feature is that no state of the automaton \(M_i\) is equivalent to any state of the automaton \(M_j\) for \(i \ne j\) (each automaton of this class is minimal). This, in particular, corresponds to the fact that, in the case when the fault-free automaton \(M_0\) is strongly connected and minimal and none of the automata \(M_1,\ldots,M_n\) is equivalent to \(M_0\), the classes \(\{M_0,M_1\},\ldots,\{M_0,M_n\}\) are exclusive. However, in the general case one cannot assert that the class of automata \(\{M_0,M_1,\ldots,M_n\}\) is exclusive. It is of interest to solve these problems in the absence of the indicated restrictions, i.e., when the class of faulty automata is not exclusive, the fault-free automaton is not strongly connected or not minimal, and equivalent automata with essential faults (see below) are distinguishable.

Let there be given (for example, by a transition diagram) a completely specified automaton \(M_0\) and a set of \(n\) possible stable faults of it. For each fault we construct the corresponding automata \(M_1,\ldots,M_n\), which we shall call faulty modifications of the automaton \(M_0\).

Denote the set of \(s_i\) states* of \(M_i\) by \(\mathfrak{M}_i,\ i = 0,1,\ldots,n\). The union

\[ \mathfrak{M} = \bigcup_{i=0}^{n} \mathfrak{M}_i \]

gives the set \(\{1,\ldots,s\}\) of all distinct states of the automata \(M_0,M_1,\ldots,M_n\). We shall denote the states of the automata by the symbols \(\sigma_{ij},\ \sigma_{ij} \in \mathfrak{M}_i\ (j = 1,\ldots,s_i)\). It may happen that the states \(\sigma_{ir} \in \mathfrak{M}_i\) and \(\sigma_{jt} \in \mathfrak{M}_j\) represent one and the same element of \(\mathfrak M\). In this case the states \(\sigma_{ir}\) and \(\sigma_{jt}\) will be called like-named.

* By a state is meant the internal state of the automaton, characterized by the combination of states of the memory elements.

Definition. Two automata are called compatible if and only if for every state of one automaton there exists a like-named state of the other automaton, and conversely, and all like-named states are equivalent.

A fault is called essential if the automaton corresponding to it is incompatible with \(M_0\). Two faults are called different (indistinguishable) from one another if the corresponding automata are incompatible (compatible) with one another.

Introduce three operations on an automaton: \(A_i\)—set the automaton to state \(i\); \(B_i\)—check whether the automaton is in state \(i\); \(C^{\alpha_p}\)—apply the input symbol \(\alpha_p\) to the automaton \((\alpha_p \in \{\alpha_1,\ldots,\alpha_k\})\) and determine its output symbol, where \(\{\alpha_1,\ldots,\alpha_k\}\) is the set of input symbols of the automaton. A sequence of such operations will be called an experiment on an automaton; the number of operations in an experiment will be called the length of the experiment \(N\).

The problem of minimizing tests (diagnosis) can now be formulated as the problem of determining an experiment of minimal length that makes it possible to establish the absence of faults in an automaton (the type of fault in an automaton) from a given list.

Let the automaton under study be \(M^*\), about which it is known that it belongs to the set \(\{M_0,M_1,\ldots,M_n\}\).

Theorem 1. There exists an experiment of length \(N \le s[k(s+2)+1]\), by means of which one can construct the transition diagram of the automaton \(M^*\).

Proof. Apply to the automaton \(M^*\) \(s\) experiments of the form
\[ (A_iB_iC^{\alpha_1}B_1\ldots B_s)(A_iC^{\alpha_2}B_1\ldots B_s)\ldots(A_iC^{\alpha_k}B_1\ldots B_s), \]
where \(i=1,\ldots,s\). The experiment described in the first parentheses establishes the presence in the automaton \(M^*\) of state \(i\) and, in addition, indicates to which state and with which output symbol the transition from state \(i\) goes when the input symbol \(\alpha_1\) is applied. If state \(i\) exists in the automaton \(M^*\), then by the experiment described in the second parentheses it is again set to this same state and the transition under application of the input symbol \(\alpha_2\) is determined, and so on. If state \(i\) is not present in the automaton, then we increase \(i\) by 1 and repeat the same experiment. The number of operations in each such experiment is \((s+2)k+1\). Hence the total length of the experiment is \(N \le s[k(s+2)+1]\). The theorem is proved.

The transition diagram of the automaton \(M^*\), obtained as a result of such a construction, coincides with some transition diagram from \(\{M_0,M_1,\ldots,M_n\}\). Thus such an experiment simultaneously solves both the problem of operability checking and the problem of fault finding.

Theorem 2. One can always find an experiment of length \(N \le 3\), whose outcome makes it possible to distinguish two arbitrary incompatible automata \(M_i\) and \(M_j\) \((i\ne j)\) from \(\{M_0,M_1,\ldots,M_n\}\).

Proof. Suppose that no such experiment exists. Then there is not a single experiment of the form \(A_1B_1, A_2B_2,\ldots,A_sB_s\) whose outcome would differ with respect to the automata \(M_i\) and \(M_j\). Thus, for every state in \(M_i\) there is a like-named state in \(M_j\), and conversely. Take two arbitrary like-named states in \(M_i\) and \(M_j\). In accordance with \((^{1})\), examine all paths of length \(2s-1\) leading from these states. If these states are not equivalent, then there will be states \(\sigma_{it}\) and \(\sigma_{jq}\) such that, when some input symbol \(\alpha_r\), where \(r \in \{1,\ldots,k\}\), is applied to the automata \(M_i\) and \(M_j\), which are in these states respectively, the automata will produce different output symbols.

Two cases are possible:

  1. The states \(\sigma_{it}\) and \(\sigma_{jq}\) are like-named and represent one and the same element \(l \in \mathfrak M\). Then an experiment of the form \(A_lC^{\alpha_r}\), having \(N=2\), exists, which contradicts the supposition.

  2. The states \(\sigma_{it}\) and \(\sigma_{jq}\) are not like-named. Then there will be like-named states in \(M_i\) and \(M_j\) (element \(p\) of \(\mathfrak M\)) such that, if some input symbol \(\alpha_\psi\) \((\psi \in \{1,\ldots,k\})\) is applied to the automata located in these states respectively, the automata will pass into states that are not like-named (the elements \(m\) and \(u\) of \(\mathfrak M\) respectively). Then experiments of the form \(A_p C^{\alpha_\psi} B_m\) or \(A_p C^{\alpha_\psi} B_u\) \((N=3)\), which make it possible to distinguish the automata \(M_i\) and \(M_j\), exist, which also contradicts the supposition.

If our supposition is true, then all like-named states of the automata \(M_i\) and \(M_j\) are equivalent, i.e., the automata are compatible, which contradicts the condition. The theorem is proved.

Corollary 1. The absence in the automaton \(M^*\) of faults from a specified list \(\{1,\ldots,n\}\) can be established by an experiment of length \(N \leqslant 3n\).

Fig. 1. Input → Tr. 1 → Tr. 2 → Output. State of the devices Tr. 1 and Tr. 2 in each state:

    Tr. 1   Tr. 2   State
    0       0       1
    1       0       2
    0       1       3
    1       1       4

Corollary 2. An experiment identifying the automaton \(M^*\) with some automaton from \(\{M_1,\ldots,M_n\}\) \((M^* \in \{M_1,\ldots,M_n\})\) has length \(N \leqslant 3n(n-1)/2\).

Example. Fig. 1, a shows the transition diagram of a fault-free two-bit binary counter with serial carry, built on flip-flops. We define the list of possible faults in the counter as follows: a) only one flip-flop can be faulty at a time; b) the fault of a flip-flop consists in its always being in only one of its stable states.

In accordance with this (Fig. 1, b, c, d, e), the automaton \(M_1\) is the faulty modification of \(M_0\) in which flip-flop Tr. 1 is faulty and is in state 0; \(M_2\) is the modification in which Tr. 1 is faulty and is in state 1; \(M_3\) is the modification in which Tr. 2 is faulty and is in state 0; and \(M_4\) is the modification in which Tr. 2 is faulty and is in state 1.

For checking operability, let us write expressions for experiments distinguishing, respectively, the automata:

\[ \begin{aligned} 1.\quad \{M_0,M_1\} &- A_2B_2 \vee A_4B_4 \vee A_4C^1.\\ 2.\quad \{M_0,M_2\} &- A_1B_1 \vee A_3B_3 \vee A_4C^1.\\ 3.\quad \{M_0,M_3\} &- A_3B_3 \vee A_4B_4 \vee A_4C^1.\\ 4.\quad \{M_0,M_4\} &- A_1B_1 \vee A_2B_2 \vee A_4C^1. \end{aligned} \]

Minimal in length is the experiment \(A_4C^1\). To solve the problem of fault location, let us write expressions for experiments distinguishing the automata: the automaton \(M_1\) from the automata \(M_2, M_3\), and \(M_4\) (or conversely):

\[ (A_1B_1 \vee A_3B_3 \vee A_2B_2 \vee A_4B_4)(A_3B_3 \vee A_2B_2)(A_1B_1 \vee A_4B_4), \]

the automaton \(M_2\) from the automata \(M_3\) and \(M_4\):

\[ (A_4B_4 \vee A_1B_1)(A_2B_2 \vee A_3B_3) \]

and, finally, the automaton \(M_3\) from the automaton \(M_4\):

\[ (A_1B_1 \vee A_2B_2 \vee A_3B_3 \vee A_4B_4). \]

Forming the conjunction of the expressions obtained, expanding the parentheses and performing simplifications that do not affect the composition and order of the symbols in the expressions for the individual experiments, we obtain all possible sets of experiments that make it possible to solve the diagnostic problem. Minimal sets of experiments are, for example, \((A_1B_1)(A_3B_3)\) or \((A_1B_1)(A_2B_2)\).
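The example above can be checked mechanically. The following Python sketch is an added illustration, not part of the original paper: it rebuilds \(M_0,\ldots,M_4\) from the state table and fault list, restricts itself to the length-2 experiments \(A_iB_i\) and \(A_iC^1\) used in the expressions above, and searches for the distinguishing experiments and the minimal diagnostic sets. The function names are hypothetical, and the counter model is an assumption, since the diagrams of Fig. 1 are not reproduced here: input 1 is a count pulse, the output is the carry out of Tr. 2, and a faulty flip-flop keeps its fixed value whatever \(A_i\) or the pulse tries to set.

```python
from itertools import combinations

# Assumed model (the page's Fig. 1 diagrams are not reproduced): input 1 is a
# count pulse, the output is the carry out of Tr. 2, and a stuck flip-flop
# forces its own bit whatever the A_i operation or the pulse tries to set.
STATE = {(0, 0): 1, (1, 0): 2, (0, 1): 3, (1, 1): 4}   # (Tr.1, Tr.2) -> state, from the page's table
BITS = {v: k for k, v in STATE.items()}
# Fault list from the page: M0 fault-free, M1/M2 = Tr.1 stuck at 0/1, M3/M4 = Tr.2 stuck at 0/1.
FAULTS = {0: None, 1: (0, 0), 2: (0, 1), 3: (1, 0), 4: (1, 1)}   # (flip-flop index, stuck value)

def force(bits, fault):
    """Apply the stuck-at fault to a pair of flip-flop values."""
    if fault is None:
        return bits
    b = list(bits)
    b[fault[0]] = fault[1]
    return tuple(b)

def step(bits, fault):
    """One count pulse through the serial-carry chain; returns (new bits, output)."""
    t1, t2 = bits
    n1 = force((1 - t1, t2), fault)[0]
    carry1 = t1 == 1 and n1 == 0          # Tr.1 fell 1 -> 0, so it clocks Tr.2
    n2 = force((n1, 1 - t2 if carry1 else t2), fault)[1]
    return (n1, n2), int(t2 == 1 and n2 == 0)

def outcome(m, exp):
    """Result of a length-2 experiment ('B', i) = A_i B_i or ('C', i) = A_i C^1 on M_m."""
    kind, i = exp
    bits = force(BITS[i], FAULTS[m])      # operation A_i
    if kind == "B":
        return STATE[bits] == i
    return step(bits, FAULTS[m])[1]

EXPERIMENTS = [(k, i) for k in "BC" for i in (1, 2, 3, 4)]

def distinguishing(a, b):
    """All length-2 experiments whose outcome differs between M_a and M_b."""
    return {e for e in EXPERIMENTS if outcome(a, e) != outcome(b, e)}

def minimal_diagnostic_sets(machines=(1, 2, 3, 4)):
    """Smallest experiment sets whose outcome vectors separate every pair of faults."""
    for size in range(1, len(EXPERIMENTS) + 1):
        found = [set(c) for c in combinations(EXPERIMENTS, size)
                 if len({tuple(outcome(m, e) for e in c) for m in machines}) == len(machines)]
        if found:
            return found
    return []
```

Under these assumptions `distinguishing(0, i)` reproduces the four checking expressions, with \(A_4C^1\) as the only experiment common to all of them, and `minimal_diagnostic_sets()` contains both minimal sets named in the text.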

Institute of Automation and Telemechanics

Received 21 IX 1964

REFERENCES

\(^{1}\) E. F. Moore, in: Automata Studies, ed. by C. E. Shannon and J. McCarthy, IL, 1956, p. 179.
\(^{2}\) S. Ginsburg, Kibernetich. sborn., 3, 167 (1961).
\(^{3}\) A. Gill, Introduction to the Theory of Finite-State Machines, 1962.
