- Finite & Deterministic Discrete Event System Specification
FD-DEVS (Finite & Deterministic Discrete Event System Specification) is a formalism for modeling and analyzing
discrete event dynamic system s in both simulation and verification ways. FD-DEVS also provides modular and hierarchical modeling features which have been inherited from ClassicDEVS .History
FD-DEVS was originally named as ``Schedule-Controlable DEVS`` [FD-DEVS#References| [Hwang05] and designed to support verification analysis of its networks which had been an open problem of DEVS formalism for 30 years. In addition, it was also designated to resolve the so-called ``OPNA`` problem of
SP-DEVS . From the viewpoint of ClassicDEVS , FD-DEVS has three restrictions# finiteness of event sets and state set,
# the lifespan of a state can be scheduled by a rational number or infinity, and
# the internal schedule can be either preserved or updated by an input event.The third restriction can be also seen as a relaxation from
SP-DEVS where the schedule is always preserved by any input events. Due to this relaxation there is no longer OPNA problem, but there is also one limitation that a time-line abstraction which can be used for abstracting elapsed times of SP-DEVS networks is no longer useful for FD-DEVS network [FD-DEVS#References| [Hwang05] . But another time abstraction method [FD-DEVS#References| [Dill89] which was invented by Prof. D. Dill can be applicable to obtain a finite-vertex reachability graph for FD-DEVS networks.Examples
;Ping-Pong Game
Let's consider a single ping-pong match in which there are two players. Each player can be modeled by FD-DEVS such that the player model has an input event ``?receive`` and an output event ``!send``. And it has two states: ``Send`` and ``Wait``. Once the player gets into ``Send``, it will generates ``!send`` and backs to ``Wait`` after the sending time which is 0.1 time unit. When staying at ``Wait`` and if it gets ``?receive``, it changes into ``Send`` again. In other words, the player model stays at ``Wait`` forever unless it gets ``?receive``.
To make a complete ping-pong match, one players starts as an offender whose initial state is ``Send`` and the other starts as an defender whose initial state is ``Wait``. Thus in Fig. 1. Player A is the initial offender and Player B is the initial defender. In addition, to make the game continue, each player's ``?send`` event should be coupled to the other player's ``?receive`` as shown in Fig. 1.
;Two-Slot ToasterLet's consider a toaster in which there are two slots that they have their own start knobs as shown in Fig. 2(a). Each slot has the identical functionality except their toasting time. Initially, the knob is not pushed, but if we push the knob, the associated slot starts toasting for its toasting time: 20 seconds for the left slot, 40 seconds for the right slot. After the toasting time, each slot and its knobs pop up. Notice that even though one tries to push a knob when its associated slot is toasting, nothing happens.
We can model it with FD-DEVS as shown in Fig. 2(b). Two slots are modeled as atomic FD-DEVS whose input event is ``?push`` and output event is ``!pop``, states are ``Idle`` (I) and ``Toast`` (T) with the initial state is ``idle``. When it is ``Idle`` and receives ``?push`` (because one pushes the knob), its state changes to ``Toast``. In other words, it stays at ``Idle`` forever unless it receives ``?push`` event. 20 (res. 40) seconds later the left (res. right) slot returns to ``Idle``.
Atomic FD-DEVS
Formal Definition
where
* is "a finite set of input events";
* is "a finite set of output events";
* is "a finite set of states";
* is "the initial state";
* is "the time advanced function" which defines the lifespan of a state where is the set of non-negative rational numbers plus infinity.
* is "the external transition function" which defines how an input event changes the schedule as well as a state of the system. The internal schedule of a state is updated by if , otherwise(i.e., ), the schedule is preserved [ can be divided into two functions: and as in [FD-DEVS#References| [Hwang05] .] .
* is "the output and internal transition function" where and denotes "the silent event". The output and internal transition function defines how a state generates an output event, at the same time, how the state changes internally [ can be divided into two functions: and as in [FD-DEVS#References| [ZKP00] .] .;Formal Representation of Ping-Pong PlayerThe formal representation of the player in the ping-pong example shown in Fig. 1 can be given as follows. where ={?receive}; ={!send}; ={Send, Wait}; =Send for Player A, Wait for Player B; (Send)=0.1,(Wait)=; (Wait,?receive)=(1,Send), (Send,?receive)=(0,Send); (Send)=(!send, Wait), (Wait)=(, Wait).
;Formal Representation of One Slot ToasterThe formal representation of the slot of Two-slot Toaster Fig. 2(a) and (b) can be given as follows. where ={?push}; ={!pop}; ={I, T}; =I; (T)=20 for the left slot, 40 for the right slot, (I)=; (I, ?push)=(1,T), (T,?push)=(0,T); (T)=(!pop, I), (I)=(, I).
;Formal Representation of Crosswalk Light Controller As mentioned above, FD-DEVS is an relaxation of SP-DEVS. That means, FD-DEVS is a supper class of SP-DEVS. We would give a model of FD-DEVS of a crosswalk light controller which is used for
SP-DEVS in this wikipedia. where ={?p}; ={!g:0, !g:1, !w:0, !w:1}; ={BG, BW, G, GR, R, W, D}; =BG, (BG)=0.5,(BW)=0.5, (G)=30, (GR)=30,(R)=2, (W)=26, (D)=2; (G,?p)=(0,GR), (s,?p)=(0,s) if s G; (BG)=(!g:1, BW), (BW)=(!w:0, G),(G)=(, G), (GR)=(!g:0, R), (R)=(!w:1, W), (W)=(!w:0, D), (D)=(!g:1, G);Total State Transition
;Total State Transition of Ping-Pong Player A
Fig. 3. shows an event segment (top) and the associated state trajectory (bottom) of Player A who plays the ping-pong game introduced in Fig. 1. In Fig. 3. the status of Player A is described as (state, lifespan, elapsed time)=() and the line segment of the bottom of Fig. 3. denotes the value of the elapsed time. Since the initial state of Player A is ``Send`` and its lifetime is 0.1 seconds, the height of (Send, 0.1, ) is 0.1 which is the value of . After changing into (Wait, inf [inf in Fig 3. means . ] , 0) when is reset by 0, Player A doesn't know when becomes 0 again. However, since Player B sends back the ball to Player A 0.1 second later, Player A gets back to (Send, 0.1 0) at time 0.2. From that time, 0.1 seconds later when Player A's status becomes (Send, 0.1, 0.1), Player A sends back the ball to Player B and gets into (Wait, inf, 0). Thus, this cyclic state transitions which move ``Send`` to ``Wait`` back and forth will go forever.
;Total State Transition of a ToasterFig. 4. shows an event segment (top) and the associated state trajectory (bottom) of the left slot of the two-slot toaster introduced in Fig. 2. Like Fig.3, the status of the left slot is described as (state, lifespan, elapsed time)=() in Fig. 4. Since the initial state of the toaster is ``I`` and its lifetime is infinity, the height of (Wait, inf, ) can be determined by when ?push occurs. Fig. 4. illustrates the case ?push happens at time 40 and the toaster changes into (T, 20, 0). From that time, 20 seconds later when its status becomes (T, 20, 20), the toaster gets back to (Wait, inf, 0) where we don't know when it gets back to ``Toast`` again. Fig. 4. shows the case that ?push occurs at time 90 so the toaster get into (T,20,0). Notice that even though there someone push again at time 97, that status (T, 20, 7) doesn't change at all because (T,?push)=(0,T).
; Formal Definition of Total State TransitionAs mentioned above, to described the timed behavior of SP-DEVS we need to introduced two variables of associated with time: the lifespan of a state and the elapsed time since the last schedule update. As mentioned earlier, the output and internal state transition can be executed when the elapsed time becomes to be equal to the lifespan of a state, i.e. . That means, the execution of is impossible when .
Let be "the legal state set" while be the "the illegal state set". Let denote the "total state set". and denote the "total event set".
Then the total state transition is defined as a function such that for and ,
Advantages
* Applicability of Time-Zone AbstractionThe property of non-negative rational-valued lifespans which can be preserved or changed by input events along with finite numbers of states and events guarantees that the behavior of FD-DEVS networks can be abstracted as an equivalent finite-vertex reachability graph by abstracting the infinitely-many values of the elapsed times using the time abstracting technique introduced by Prof. D. Dill [FD-DEVS#References| [Dill89] . An algorithm generating a finite-vertex reachability graph (RG)has been introduced in [FD-DEVS#References| [HZ06a] , [FD-DEVS#References| [HZ07] .
* Decidablility of Safety As a qualitative property, safety of a FD-DEVS network is decidable by (1) generating RG of the given network and (2) checking whether some bad states are reachable or not [FD-DEVS#References| [HZ06b] .
* Decidablility of LivenessAs a qualitative property, liveness of a FD-DEVS network is decidable by (1) generating RG of the given network, (2) from RG, generating kernel directed acyclic graph (KDAG) in which a vertex is strongly-connected component [FD-DEVS#References| [Sedgewick02] , and (3) checking if a vertex of KDAG contains a state transition cycle which contains a set of liveness states [FD-DEVS#References| [HZ06b] .
Disadvantages
*Weak Expressiveness for describing nondeterminism
The features that all characteristic functions, of FD-DEVS are deterministic can be seen as somehow a limitation to model the system that has non-deterministic behaviors. For example, if a player of the ping-pong game shown in Fig. 1. has a stochastic lifespan at ``Send`` state, FD-DEVS doesn't capture the non-determinism effectively.
Tool
There is an open source library, called DEVS# at http://xsy-csharp.sourceforge.net/DEVSsharp/, that supports some reachability graph-based verification algorithms for finding safyness and liveness.
Footnotes
References
* [Dill89] D.L. Dill, ``Timing Assumptions and Verification of Finite-State Concurrent Systems``, In "Proceedings of the Workshop on Computer Aided Verification Methods for Finite State Systems", pp 197-212, Grenoble, France, 1989
* [Hwang05] M.H. Hwang, ``Generating Finite-State Global Behavior of Reconfigurable Automation Systems: DEVS Approach``, "Proceedings of 2005 IEEE-CASE", Edmonton, Canada, Aug. 1-2, 2005(Available at http://moonho.hwang.googlepages.com/publications)"
* [HZ06a] M. H. Hwang and B. P. Zeigler, ``A Modular Verification Framework using Finite and Deterministic DEVS``, "Proceedings of 2006 DEVS Symposium", pp57-65, Huntsville, Alabama, USA, (Available at http://www.acims.arizona.edu)"
* [HZ06b] M. H. Hwang and B. P. Zeigler, ``A Reachable Graph of Finite and Deterministic DEVS Networks``, "Proceedings of 2006 DEVS Symposium", pp48-56, Huntsville, Alabama, USA, (Available at http://www.acims.arizona.edu)"
* [HZ07] M.H. Hwang and B.P. Zeigler, ``Reachability Graph of Finite & Deterministic DEVS``, IEEE Transactions on Automation Science and Engineering, accepted (Draft available at http://www.acims.arizona.edu)"
* [ZKP00] cite book|author = Bernard Zeigler, Tag Gon Kim, Herbert Praehofer| year = 2000| title = Theory of Modeling and Simulation| publisher = Academic Press, New York | id= ISBN 978-0127784557 |edition=second
Wikimedia Foundation. 2010.