Finite & Deterministic Discrete Event System Specification

Finite & Deterministic Discrete Event System Specification

FD-DEVS (Finite & Deterministic Discrete Event System Specification) is a formalism for modeling and analyzing discrete event dynamic systems in both simulation and verification ways. FD-DEVS also provides modular and hierarchical modeling features which have been inherited from Classic DEVS.


FD-DEVS was originally named as ``Schedule-Controlable DEVS`` [FD-DEVS#References| [Hwang05] and designed to support verification analysis of its networks which had been an open problem of DEVS formalism for 30 years. In addition, it was also designated to resolve the so-called ``OPNA`` problem of SP-DEVS. From the viewpoint of Classic DEVS, FD-DEVS has three restrictions

# finiteness of event sets and state set,
# the lifespan of a state can be scheduled by a rational number or infinity, and
# the internal schedule can be either preserved or updated by an input event.

The third restriction can be also seen as a relaxation from SP-DEVS where the schedule is always preserved by any input events. Due to this relaxation there is no longer OPNA problem, but there is also one limitation that a time-line abstraction which can be used for abstracting elapsed times of SP-DEVS networks is no longer useful for FD-DEVS network [FD-DEVS#References| [Hwang05] . But another time abstraction method [FD-DEVS#References| [Dill89] which was invented by Prof. D. Dill can be applicable to obtain a finite-vertex reachability graph for FD-DEVS networks.


;Ping-Pong Game

Let's consider a single ping-pong match in which there are two players. Each player can be modeled by FD-DEVS such that the player model has an input event ``?receive`` and an output event ``!send``. And it has two states: ``Send`` and ``Wait``. Once the player gets into ``Send``, it will generates ``!send`` and backs to ``Wait`` after the sending time which is 0.1 time unit. When staying at ``Wait`` and if it gets ``?receive``, it changes into ``Send`` again. In other words, the player model stays at ``Wait`` forever unless it gets ``?receive``.

To make a complete ping-pong match, one players starts as an offender whose initial state is ``Send`` and the other starts as an defender whose initial state is ``Wait``. Thus in Fig. 1. Player A is the initial offender and Player B is the initial defender. In addition, to make the game continue, each player's ``?send`` event should be coupled to the other player's ``?receive`` as shown in Fig. 1.

;Two-Slot ToasterLet's consider a toaster in which there are two slots that they have their own start knobs as shown in Fig. 2(a). Each slot has the identical functionality except their toasting time. Initially, the knob is not pushed, but if we push the knob, the associated slot starts toasting for its toasting time: 20 seconds for the left slot, 40 seconds for the right slot. After the toasting time, each slot and its knobs pop up. Notice that even though one tries to push a knob when its associated slot is toasting, nothing happens.

We can model it with FD-DEVS as shown in Fig. 2(b). Two slots are modeled as atomic FD-DEVS whose input event is ``?push`` and output event is ``!pop``, states are ``Idle`` (I) and ``Toast`` (T) with the initial state is ``idle``. When it is ``Idle`` and receives ``?push`` (because one pushes the knob), its state changes to ``Toast``. In other words, it stays at ``Idle`` forever unless it receives ``?push`` event. 20 (res. 40) seconds later the left (res. right) slot returns to ``Idle``.

Atomic FD-DEVS

Formal Definition

M =


* X is "a finite set of input events";
* Y is "a finite set of output events";
* S is "a finite set of states";
* s_0 in S is "the initial state";
* au: S ightarrow mathbb{Q}_{ [0,infty] } is "the time advanced function" which defines the lifespan of a state where mathbb{Q}_{ [0,infty] } is the set of non-negative rational numbers plus infinity.
* delta_x: S imes X ightarrow {0,1} imes S is "the external transition function" which defines how an input event changes the schedule as well as a state of the system. The internal schedule of a state s in S is updated by au(s') if delta_x(s)=(1,s'), otherwise(i.e., delta_x(s)=(0,s')), the schedule is preserved [ delta_x can be divided into two functions: ho: S imes X ightarrow {0,1} and delta_{ext}:S imes X ightarrow S as in [FD-DEVS#References| [Hwang05] .] .
* delta_y: S ightarrow Y^phi imes S is "the output and internal transition function" where Y^phi = Y cup {phi} and phi otin Y denotes "the silent event". The output and internal transition function defines how a state generates an output event, at the same time, how the state changes internally [ delta_y can be divided into two functions: lambda: S ightarrow Y^phi and delta_{int}:S ightarrow S as in [FD-DEVS#References| [ZKP00] .] .

;Formal Representation of Ping-Pong PlayerThe formal representation of the player in the ping-pong example shown in Fig. 1 can be given as follows. M= where X={?receive}; Y={!send}; S={Send, Wait}; s_0=Send for Player A, Wait for Player B; au(Send)=0.1, au(Wait)=infty ; delta_x(Wait,?receive)=(1,Send), delta_x(Send,?receive)=(0,Send); delta_y(Send)=(!send, Wait), delta_y(Wait)=(phi, Wait).

;Formal Representation of One Slot ToasterThe formal representation of the slot of Two-slot Toaster Fig. 2(a) and (b) can be given as follows. M= where X={?push}; Y={!pop}; S={I, T}; s_0=I; au(T)=20 for the left slot, 40 for the right slot, au(I)=infty ; delta_x(I, ?push)=(1,T), delta_x(T,?push)=(0,T); delta_y(T)=(!pop, I), delta_y(I)=(phi, I).

;Formal Representation of Crosswalk Light Controller As mentioned above, FD-DEVS is an relaxation of SP-DEVS. That means, FD-DEVS is a supper class of SP-DEVS. We would give a model of FD-DEVS of a crosswalk light controller which is used for SP-DEVS in this wikipedia. M= where X={?p}; Y={!g:0, !g:1, !w:0, !w:1}; S={BG, BW, G, GR, R, W, D}; s_0=BG, au(BG)=0.5, au(BW)=0.5, au(G)=30, au(GR)=30, au(R)=2, au(W)=26, au(D)=2; delta_x(G,?p)=(0,GR), delta_x(s,?p)=(0,s) if s eqG; delta_y(BG)=(!g:1, BW), delta_y(BW)=(!w:0, G),delta_y(G)=( phi, G), delta_y(GR)=(!g:0, R), delta_y(R)=(!w:1, W), delta_y(W)=(!w:0, D), delta_y(D)=(!g:1, G);

Total State Transition

;Total State Transition of Ping-Pong Player A

Fig. 3. shows an event segment (top) and the associated state trajectory (bottom) of Player A who plays the ping-pong game introduced in Fig. 1. In Fig. 3. the status of Player A is described as (state, lifespan, elapsed time)=(s, t_s, t_e ) and the line segment of the bottom of Fig. 3. denotes the value of the elapsed time. Since the initial state of Player A is ``Send`` and its lifetime is 0.1 seconds, the height of (Send, 0.1, t_e) is 0.1 which is the value of t_s. After changing into (Wait, inf [inf in Fig 3. means infty. ] , 0) when t_e is reset by 0, Player A doesn't know when t_e becomes 0 again. However, since Player B sends back the ball to Player A 0.1 second later, Player A gets back to (Send, 0.1 0) at time 0.2. From that time, 0.1 seconds later when Player A's status becomes (Send, 0.1, 0.1), Player A sends back the ball to Player B and gets into (Wait, inf, 0). Thus, this cyclic state transitions which move ``Send`` to ``Wait`` back and forth will go forever.

;Total State Transition of a ToasterFig. 4. shows an event segment (top) and the associated state trajectory (bottom) of the left slot of the two-slot toaster introduced in Fig. 2. Like Fig.3, the status of the left slot is described as (state, lifespan, elapsed time)=(s, t_s, t_e ) in Fig. 4. Since the initial state of the toaster is ``I`` and its lifetime is infinity, the height of (Wait, inf, t_e) can be determined by when ?push occurs. Fig. 4. illustrates the case ?push happens at time 40 and the toaster changes into (T, 20, 0). From that time, 20 seconds later when its status becomes (T, 20, 20), the toaster gets back to (Wait, inf, 0) where we don't know when it gets back to ``Toast`` again. Fig. 4. shows the case that ?push occurs at time 90 so the toaster get into (T,20,0). Notice that even though there someone push again at time 97, that status (T, 20, 7) doesn't change at all because delta_x(T,?push)=(0,T).

; Formal Definition of Total State TransitionAs mentioned above, to described the timed behavior of SP-DEVS we need to introduced two variables of associated with time: the lifespan t_s of a state and the elapsed time t_e since the last schedule update. As mentioned earlier, the output and internal state transition delta_y can be executed when the elapsed time becomes to be equal to the lifespan of a state, i.e. t_e = t_s . That means, the execution of delta_y is impossible when t_e e t_s .

Let Q_p={(s, t_s, t_e)| s in S, t_s in mathbb{Q}_{ [0, infty] }, t_e in [0, t_s] } be "the legal state set" while Q_{imp}={(imp, infty, t_e)| imp otin S, t_e in [0, infty) } be the "the illegal state set". Let Q = Q_p cup Q_{imp} denote the "total state set". and Z = X cup Y^phi denote the "total event set".

Then the total state transition is defined as a function delta: Q imes Z ightarrow Q such that for q=(s, t_s, t_e) in Q and z in Z ,
delta(q, z) =egin{cases} (s', t_s, t_e) & extrm{if } s in S, z in X, delta_x (s, z) = (0,s') \ (s', au(s), 0) & extrm{if } s in S, z in X, delta_x (s, z) = (1,s') \ (s', au(s), 0) & extrm{if } s in S, z in Y^phi, t_e = t_s, delta_y (s) = (z, s') \ (imp, infty, t_s) & extrm{otherwise }end{cases}


* Applicability of Time-Zone AbstractionThe property of non-negative rational-valued lifespans which can be preserved or changed by input events along with finite numbers of states and events guarantees that the behavior of FD-DEVS networks can be abstracted as an equivalent finite-vertex reachability graph by abstracting the infinitely-many values of the elapsed times using the time abstracting technique introduced by Prof. D. Dill [FD-DEVS#References| [Dill89] . An algorithm generating a finite-vertex reachability graph (RG)has been introduced in [FD-DEVS#References| [HZ06a] , [FD-DEVS#References| [HZ07] .

* Decidablility of Safety As a qualitative property, safety of a FD-DEVS network is decidable by (1) generating RG of the given network and (2) checking whether some bad states are reachable or not [FD-DEVS#References| [HZ06b] .

* Decidablility of LivenessAs a qualitative property, liveness of a FD-DEVS network is decidable by (1) generating RG of the given network, (2) from RG, generating kernel directed acyclic graph (KDAG) in which a vertex is strongly-connected component [FD-DEVS#References| [Sedgewick02] , and (3) checking if a vertex of KDAG contains a state transition cycle which contains a set of liveness states [FD-DEVS#References| [HZ06b] .


*Weak Expressiveness for describing nondeterminism

The features that all characteristic functions, au, delta_x, delta_y of FD-DEVS are deterministic can be seen as somehow a limitation to model the system that has non-deterministic behaviors. For example, if a player of the ping-pong game shown in Fig. 1. has a stochastic lifespan at ``Send`` state, FD-DEVS doesn't capture the non-determinism effectively.


There is an open source library, called DEVS# at, that supports some reachability graph-based verification algorithms for finding safyness and liveness.



* [Dill89] D.L. Dill, ``Timing Assumptions and Verification of Finite-State Concurrent Systems``, In "Proceedings of the Workshop on Computer Aided Verification Methods for Finite State Systems", pp 197-212, Grenoble, France, 1989
* [Hwang05] M.H. Hwang, ``Generating Finite-State Global Behavior of Reconfigurable Automation Systems: DEVS Approach``, "Proceedings of 2005 IEEE-CASE", Edmonton, Canada, Aug. 1-2, 2005(Available at"
* [HZ06a] M. H. Hwang and B. P. Zeigler, ``A Modular Verification Framework using Finite and Deterministic DEVS``, "Proceedings of 2006 DEVS Symposium", pp57-65, Huntsville, Alabama, USA, (Available at"
* [HZ06b] M. H. Hwang and B. P. Zeigler, ``A Reachable Graph of Finite and Deterministic DEVS Networks``, "Proceedings of 2006 DEVS Symposium", pp48-56, Huntsville, Alabama, USA, (Available at"
* [HZ07] M.H. Hwang and B.P. Zeigler, ``Reachability Graph of Finite & Deterministic DEVS``, IEEE Transactions on Automation Science and Engineering, accepted (Draft available at"
* [ZKP00] cite book|author = Bernard Zeigler, Tag Gon Kim, Herbert Praehofer| year = 2000| title = Theory of Modeling and Simulation| publisher = Academic Press, New York | id= ISBN 978-0127784557 |edition=second

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Petri net — A Petri net (also known as a place/transition net or P/T net) is one of several mathematical modeling languages for the description of distributed systems. A Petri net is a directed bipartite graph, in which the nodes represent transitions (i.e.… …   Wikipedia

  • Behavior of DEVS — Behaviors of a given DEVS model is a set of sequences of timed events including null events, called event segments which make the model move one state to another within a set of legal states. To define this way, the concept of a set of illegal… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”