Fail-safe realization of sequential machines  by Takaoka, Tadao & Ibaraki, Toshihide
INFORMATION AND CONTROL 22, 31-55 (1973) 
Fail-Safe Realization of Sequential Machines 
TADAO TAKAOKA* 
Electrical Communication Laboratories, Nippon Telegraph and 
Telephone Public Corporation, Musashino, Tokyo, Japan 
AND 
TOSHIHIDE IBARAKI 
Department of Applied Mathematics and Physics, Faculty of Engineering, 
Kyoto University, Kyoto, Japan 
It is known that a sequential machine is realized by a binary sequential 
circuit (BSC). In this paper we try to construct a fail-safe BSC realizing a given 
sequential machine with the additional constraint that its output either takes 
the correct value or fails from 0 to 1 if the outputs of logic components in BSC, 
such as AND, OR, NOT gates and DELAY elements, fail asymmetrically 
from 0 to 1. The word "fail-safe" means that the failure 0 → 1 is considered 
safe while the reverse is not. It is rather easy to construct a fail-safe BSC for 
a given sequential machine. The main purpose of this paper is to construct 
a fail-safe BSC with the smallest number of DELAY's. 
First we construct a positive BSC with the smallest number of DELAY's. 
A BSC is positive if its logic components are all positive. Positive BSC's are 
fail-safe but the converse is not true. Then we also construct a fail-safe BSC 
with the smallest number of DELAY's. We see that the procedure for the latter 
construction is more complicated than the former. 
I. INTRODUCTION 
Fail-safe systems for switching functions were first presented by Watanabe and Takahashi (1965), and have been studied by Mine and Koga (1967), Hashimoto, Tokura and Kasami (1967), Hirayama, Watanabe and Urano (1969) and others. In a fail-safe system for a switching function, if the inputs or the logic components fail asymmetrically from 0 to 1, the induced failure
* Part of this work is included in the Ph.D. dissertation of T. Takaoka. 
31 
Copyright © 1973 by Academic Press, Inc. 
All rights of reproduction in any form reserved. 
32 TAKAOKA AND IBARAKI 
on the output is also asymmetric from 0 to 1, where the value 1 is considered to be safe even if it is erroneous. 
A fail-safe binary sequential circuit (fail-safe BSC) realizing a given 
machine was presented by Tokura, Kasami and Ozaki (1966) whose behavior 
is analogous to that of fail-safe systems for switching functions except that no 
failure on the input is assumed in this case. Fail-safe BSC's were also studied 
in Watanabe, Takahashi and Enomoto (1966) and Tohma (1970). In Tokura 
et al. (1966), for constructing a fail-safe BSC realizing a given machine, the 
constant weight code, especially the half weight code, is used for the state 
assignment. This assignment is sometimes redundant in the sense that the 
number of bits (i.e., the number of DELAY's) used for the state assignment 
can be further reduced. 
In the present paper we attempt to construct a fail-safe BSC realizing 
a given machine with the smallest number of bits. It is shown that if all the 
switching functions used in the BSC are positive with respect to the variables 
representing internal states, the BSC is fail-safe. This BSC is called positive. 
We give an algorithm for constructing a positive BSC realizing a given 
machine with the smallest number of bits. This is done by making use of a 
certain partial order with the substitution property defined on the given 
machine. 
In general, however, the number of bits required in a fail-safe BSC may be reduced further if we can dispense with the positiveness assumption imposed on the fail-safe BSC. In this case the procedure to obtain a fail-safe BSC with the smallest number of bits becomes somewhat complicated and may be difficult to use in practice, though a method for that is presented. 
II. SEQUENTIAL MACHINES AND BINARY RELATIONS 
WITH THE SUBSTITUTION PROPERTY 
In this section we discuss basic properties of binary relations with the 
substitution property, as a preparation for the subsequent discussion. It 
is an extension of the well-known concept of partitions with the substitution 
property studied by Hartmanis and Stearns (1966). This extension is 
necessary because we will deal with partial orders, rather than partitions, 
with the substitution property. 
DEFINITION 1. A sequential machine, abbreviated by a machine, is a quintuple $S = \langle S, M, \beta, \Sigma, \Delta\rangle$ where
$S$: a finite set of internal states
$\Sigma$: a finite set of input alphabet
$\Delta$: a finite set of output alphabet
$M$: a mapping $S \times \Sigma \to S$ (next state function)
$\beta$: a mapping $S \to \Delta$ (output function).
This machine is called Moore type (see for example Harrison, 1965). 
$\Sigma^*$ denotes the set of all the words (or strings) generated from the input alphabet $\Sigma$ including the null string $\lambda$. The mapping $M$ is extended from $S \times \Sigma \to S$ to $S \times \Sigma^* \to S$ recursively by
$$M(s, \lambda) = s, \qquad M(s, \sigma x) = M(M(s, \sigma), x),$$
where $s \in S$, $\sigma \in \Sigma$ and $x \in \Sigma^*$. Then we have
$$\forall s \in S,\ \forall x, \forall y \in \Sigma^* \quad M(s, xy) = M(M(s, x), y).$$
Let lg(x) denote the length of the word x. 
DEFINITION 2. Let $A$ be a binary relation on $S$, that is, $A \subseteq S \times S$. $A$ has the substitution property (SP) if
$$\forall (s_1, s_2) \in S \times S\ \bigl((s_1, s_2) \in A \Rightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in A\bigr).$$
Note that this definition is equivalent to
$$\forall (s_1, s_2) \in S \times S\ \bigl((s_1, s_2) \in A \Rightarrow \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in A\bigr).$$
DEFINITION 3. Let $A \subseteq S \times S$. The core with SP (CSP) of $A$, written $\bar{A}$, is defined by
$$(s_1, s_2) \in \bar{A} \Leftrightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in A.$$
LEMMA 1. The CSP $\bar{A}$ of $A$ has SP and $\bar{A} \subseteq A$.
Proof.
$$(s_1, s_2) \in \bar{A} \Leftrightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in A$$
$$\Rightarrow \forall x, \forall z \in \Sigma^*\ (M(s_1, xz), M(s_2, xz)) \in A$$
$$\Leftrightarrow \forall x \in \Sigma^*\ \bigl(\forall z \in \Sigma^*\ (M(M(s_1, x), z), M(M(s_2, x), z)) \in A\bigr)$$
$$\Leftrightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in \bar{A}. \quad \text{Q.E.D.}$$
DEFINITION 4. Let $A \subseteq S \times S$. The sequence of sets, $\{A_i\}$, is defined by
$$(s_1, s_2) \in A_i \Leftrightarrow \bigl(\forall x \in \Sigma^*\ (\mathrm{lg}(x) \le i \Rightarrow (M(s_1, x), M(s_2, x)) \in A)\bigr).$$
Note that $A_0 = A$.
LEMMA 2. We have the following results:
(i) $\forall i \ge 0\ A_i \supseteq A_{i+1}$ (nonincreasing property).
(ii) $\exists i \ge 0, \forall h \ge 0\ (A_i = A_{i+h})$ (convergence).
(iii) $\forall i \ge 0\ (A_i = A_{i+1} \Rightarrow \forall h \ge 0\ A_i = A_{i+h})$.
(iv) $\forall i \ge 0\ \bigl((s_1, s_2) \in A_{i+1} \Leftrightarrow (s_1, s_2) \in A_i \wedge \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in A_i\bigr)$ (recursive formula).
(v) $A_i = A_{i+1}$ holds for some $i \le 2n - 2$, where $n = |S|$.
Proof.
(i) is obvious.
(ii) follows because $A$ is finite and the sequence $\{A_i\}$ is nonincreasing.
(iii) Let $A_i = A_{i+1}$. Then from (iv) we have
$$(s_1, s_2) \in A_{i+1} \Leftrightarrow \bigl((s_1, s_2) \in A_i \wedge \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in A_i\bigr)$$
$$\Leftrightarrow \bigl((s_1, s_2) \in A_{i+1} \wedge \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in A_{i+1}\bigr) \Leftrightarrow (s_1, s_2) \in A_{i+2}.$$
Hence we have that $A_{i+1} = A_{i+2} = A_{i+3} = \cdots$.
(iv)
$$(s_1, s_2) \in A_{i+1} \Leftrightarrow \bigl(\forall x \in \Sigma^*\ (\mathrm{lg}(x) \le i + 1 \Rightarrow (M(s_1, x), M(s_2, x)) \in A)\bigr)$$
$$\Leftrightarrow \bigl(\forall x \in \Sigma^*\ (\mathrm{lg}(x) \le i \Rightarrow (M(s_1, x), M(s_2, x)) \in A)\bigr) \wedge \bigl(\forall \sigma \in \Sigma, \forall x \in \Sigma^*\ (\mathrm{lg}(x) \le i \Rightarrow (M(M(s_1, \sigma), x), M(M(s_2, \sigma), x)) \in A)\bigr)$$
$$\Leftrightarrow \bigl((s_1, s_2) \in A_i \wedge \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in A_i\bigr).$$
(v) follows from the fact that if $(M(s_1, x), M(s_2, x)) = (s_1', s_2')$, the pair $(s_1', s_2')$ can be reached by some word whose length is less than or equal to $2n - 2$ (e.g., Harrison (1965)). Q.E.D.
LEMMA 3. $A_\infty = \bar{A}$ for any $A \subseteq S \times S$.
Proof. Obvious.
From these facts we have the following algorithm for obtaining $\bar{A}$ from a given $A \subseteq S \times S$.
ALGORITHM 1.
(i) Let $A_0 = A$.
(ii) Compute $A_{i+1}$ from $A_i$ by the following recursive formula:
$$(s_1, s_2) \in A_{i+1} \Leftrightarrow \bigl((s_1, s_2) \in A_i \wedge \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in A_i\bigr).$$
(iii) If $A_{i+1} = A_i$, go to (v). Otherwise go to (iv).
(iv) Increase $i$ by one and go to (ii).
(v) Let $\bar{A} = A_i$ and halt.
Note that $\bar{A} = A_i$ for the smallest integer $i$ such that $A_i = A_{i+1}$, and $\bar{A}$ is uniquely computed from $A$.
LEMMA 4. For any $A, B \subseteq S \times S$,
$$A \subseteq B \Rightarrow \bar{A} \subseteq \bar{B}.$$
Proof. Assume that $A \subseteq B$. Then
$$(s_1, s_2) \in \bar{A} \Leftrightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in A \Rightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in B \Leftrightarrow (s_1, s_2) \in \bar{B}. \quad \text{Q.E.D.}$$
LEMMA 5. $\bar{A}$ is the maximal set with SP included in $A$.
Proof. Suppose that $B \subseteq S \times S$ has SP. Clearly $\bar{B} = B$. From Lemma 4 we have
$$B \subseteq A \Rightarrow \bar{B} \subseteq \bar{A} \Rightarrow B \subseteq \bar{A}.$$
Thus $\bar{A}$ is the maximal set with SP included in $A$. Q.E.D.
DEFINITION 5. For a given machine $S$, $SP(S)$ is the set of all sets $A$ such that $E \subseteq A \subseteq \Omega$ and $A$ has SP, where $\Omega = S \times S$ and $E$ is the equality relation on $S$, that is,
$$E = \{(s, s) \mid s \in S\}.$$
We introduce an order into $SP(S)$ by set inclusion. For $A, B \in SP(S)$, $A \sqcap B$ is the greatest lower bound and $A \sqcup B$ is the smallest upper bound.
THEOREM 1. The algebraic system $\mathbf{SP}(S) = \langle SP(S), \subseteq, \sqcap, \sqcup\rangle$ forms a lattice.
Proof. $SP(S)$ has the unique maximal element $\Omega$ and the unique minimal element $E$. For $A, B \in SP(S)$, let us prove that $A \sqcap B = A \cap B$. Obviously $A \sqcap B \subseteq A \cap B$, and
$$(s_1, s_2) \in A \cap B \Rightarrow (s_1, s_2) \in A \wedge (s_1, s_2) \in B$$
$$\Rightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in A \wedge \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in B$$
$$\Rightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in A \cap B$$
shows that $A \cap B$ has SP. Therefore $A \sqcap B = A \cap B$. Next, for distinct $A, B \in SP(S)$, assume that there exist two distinct minimal upper bounds $C$ and $D$ of $A$ and $B$. Then we have that $A \cup B \subseteq C \cap D \subset C, D$, which is a contradiction because $C \cap D \in SP(S)$, and $C$ and $D$ are minimal upper bounds for $A$ and $B$. Q.E.D.
III. FAIL-SAFE AND POSITIVE ORDERS ON A SEQUENTIAL MACHINE
To obtain a fail-safe realization of a given machine, it is useful to distinguish state errors $s_i \to s_j$ of the machine according to whether they cause failures $1 \to 0$ on the output (i.e., not fail-safe) or not (i.e., fail-safe). It will be shown that the set of all the fail-safe state errors (denoted $P$) is a partial order. Then two kinds of partial orders, called positive order and FS order, included in $P$ receive special attention since they play important roles in the state assignment for the fail-safe realization.
In this section we investigate properties of these two kinds of partial orders and give algorithms to obtain them. The actual construction of binary sequential circuits satisfying the fail-safe condition will be discussed in Section IV.
DEFINITION 6. A set $R \subseteq T \times T$ is called a partial order on the set $T$ if it satisfies the following three conditions:
(i) $\forall t \in T\ (t, t) \in R$ (Reflexivity).
(ii) $\forall (t_1, t_2) \in T \times T\ ((t_1, t_2) \in R \wedge (t_2, t_1) \in R \Rightarrow t_1 = t_2)$ (Anti-symmetry).
(iii) $\forall (t_1, t_2), \forall (t_2, t_3) \in T \times T\ ((t_1, t_2) \in R \wedge (t_2, t_3) \in R \Rightarrow (t_1, t_3) \in R)$ (Transitivity).
The algebraic system $\mathbf{T} = \langle T, R\rangle$ is called a partially ordered set. If $(t_1, t_2) \in R$,  $t_2$ is said to be in higher order than $t_1$ (as to the order $R$). A partially ordered set $\mathbf{T} = \langle T, R\rangle$ is illustrated by a graph in the conventional way such that, if $(t_1, t_2) \in R$, the node of $t_2$ is written in a higher position than that of $t_1$ and connected by an edge (or a sequence of edges). $R \subseteq T \times T$ is said to be a pseudo order if it satisfies only the two conditions (i) and (iii). A pseudo ordered set $\mathbf{T} = \langle T, R\rangle$ is illustrated similarly to the case of a partially ordered set with the added rule that if $(t_1, t_2) \in R$ and $(t_2, t_1) \in R$ the nodes of $t_1$ and $t_2$ are written in the same level.
EXAMPLE 1. Let $T = \{t_1, t_2, t_3\}$ and $R = \{(t_1, t_1), (t_2, t_2), (t_3, t_3), (t_1, t_3), (t_2, t_3)\}$. $R$ is a partial order and the partially ordered set $\mathbf{T} = \langle T, R\rangle$ is illustrated in Fig. 1. Let $R' = R \cup \{(t_1, t_2), (t_2, t_1)\}$. $R'$ is a pseudo order and the pseudo ordered set $\mathbf{T} = \langle T, R'\rangle$ is illustrated in Fig. 2.
FIG. 1. Partially ordered set.
FIG. 2. Pseudo ordered set.
Hereafter we assume a partial order $\le$ defined on the set of the output alphabet $\Delta$ of a given machine $S = \langle S, M, \beta, \Sigma, \Delta\rangle$. For example, if $\Delta = \{0, 1\}$, the order $0 < 1$ is usually assumed.
DEFINITION 7. A state error $(s_1, s_2)$ is an element of $S \times S$, which may be interpreted as the error $s_1 \to s_2$ occurring in machine $S$. A state error $(s_1, s_2)$ is said to satisfy the fail-safe condition (FS condition) if
$$\forall x \in \Sigma^*\ \beta(M(s_1, x)) \le \beta(M(s_2, x)).$$
A set $A \subseteq S \times S$ satisfies the FS condition if
$$\forall (s_1, s_2) \in S \times S\ \bigl((s_1, s_2) \in A \Rightarrow \forall x \in \Sigma^*\ \beta(M(s_1, x)) \le \beta(M(s_2, x))\bigr). \quad (1)$$
In the above definition a failure on the output is regarded as safe if it is from the smaller to the greater with respect to the order $\le$.
DEFINITION 8. For a given machine $S$, the set $P \subseteq S \times S$ is defined by
$$(s_1, s_2) \in P \Leftrightarrow \forall x \in \Sigma^*\ \beta(M(s_1, x)) \le \beta(M(s_2, x)).$$
$P$ is the maximum error set which satisfies the FS condition. Obviously $P$ is unique.
DEFINITION 9. For a given machine $S$, a set $Q \subseteq S \times S$ is called an FS order of $S$ if $Q$ is a partial order on the set $S$ and satisfies the FS condition. In other words, $Q$ is an FS order if $Q$ is a partial order and $Q \subseteq P$.
LEMMA 6. If a machine $S$ is reduced, the set $P$ is a partial order.
Proof. Reflexivity and transitivity are obvious. As for anti-symmetry we see that
$$(s_1, s_2) \in P \wedge (s_2, s_1) \in P \Rightarrow \forall x \in \Sigma^*\ \beta(M(s_1, x)) \le \beta(M(s_2, x)) \wedge \forall y \in \Sigma^*\ \beta(M(s_2, y)) \le \beta(M(s_1, y))$$
$$\Rightarrow \forall x \in \Sigma^*\ \beta(M(s_1, x)) = \beta(M(s_2, x)) \Rightarrow s_1 = s_2. \quad \text{Q.E.D.}$$
Note that, if $S$ is not reduced, $P$ is in general a pseudo order. Thus we have the next theorem.
THEOREM 2. $P$ is the maximal FS order of $S$, provided that $S$ is reduced.
LEMMA 7. $P$ has SP.
Proof.
$$(s_1, s_2) \in P \Rightarrow \forall x, \forall z \in \Sigma^*\ \beta(M(s_1, xz)) \le \beta(M(s_2, xz))$$
$$\Leftrightarrow \forall x \in \Sigma^*\ \bigl(\forall z \in \Sigma^*\ \beta(M(M(s_1, x), z)) \le \beta(M(M(s_2, x), z))\bigr)$$
$$\Leftrightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in P. \quad \text{Q.E.D.}$$
DEFINITION 10. For a given machine $S$, a set $Q \subseteq S \times S$ is said to be a positive order of $S$ if $Q$ is an FS order and has SP.
Clearly we have the following theorem.
THEOREM 3. $P$ is the maximal positive order of $S$, provided that $S$ is reduced.
EXAMPLE 2. For the reduced machine $S$ given in Table I, the maximal FS (or positive) order $P$ is given by (the pairs $(s_i, s_i) \in E$ are omitted for simplicity)
$$P = \{(s_1, s_2), (s_1, s_3), (s_2, s_3), (s_1, s_4), (s_1, s_5), (s_1, s_6), (s_2, s_5), (s_2, s_6), (s_3, s_6), (s_4, s_5), (s_4, s_6), (s_5, s_6)\}.$$
TABLE I
Example of a Machine

State   Output   Next state for input 0   Next state for input 1
s1      0        s1                       s2
s2      0        s1                       s3
s3      0        s4                       s3
s4      1        s1                       s5
s5      1        s1                       s6
s6      1        s5                       s6

Output order: 0 < 1.
$P$ is also illustrated in Fig. 3. As an example, consider the state error $(s_1, s_2)$. By applying some $x \in \Sigma^*$, we see that the state error $(s_1, s_2)$ induces the state errors $(s_2, s_3)$, $(s_1, s_4)$, $(s_2, s_5)$, $(s_3, s_6)$, $(s_4, s_5)$, $(s_5, s_6)$, $(s_1, s_5)$ and $(s_2, s_6)$ (e.g., $M(s_1, 1) = s_2$ and $M(s_2, 1) = s_3$ imply that $(s_1, s_2)$ induces $(s_2, s_3)$). However, all induced state errors $(s_i, s_j)$ satisfy $\beta(s_i) \le \beta(s_j)$ and hence $(s_1, s_2)$ satisfies the FS condition. Similarly it is possible to make sure that all $(s_i, s_j) \in P$ satisfy the FS condition.
FIG. 3. Maximal positive order $P$.
Now we present an algorithm to obtain the above $P$ for a given machine $S$.
DEFINITION 11. For a given machine $S$, the sequence of sets $\{P_i\}$ is defined by
$$(s_1, s_2) \in P_i \Leftrightarrow \forall x \in \Sigma^*\ \bigl(\mathrm{lg}(x) \le i \Rightarrow \beta(M(s_1, x)) \le \beta(M(s_2, x))\bigr).$$
Let $S$ be partitioned into $S_\delta$'s as
$$S_\delta = \{s \in S \mid \beta(s) = \delta\}, \qquad S = \bigcup_{\delta \in \Delta} S_\delta.$$
Then we have
$$P_0 = \bigcup_{\delta \le \delta'} S_\delta \times S_{\delta'}.$$
LEMMA 8. For a given machine $S$, if a set $R \subseteq S \times S$ is a partial order on $S$, then $\bar{R}$ is also a partial order on $S$.
Proof.
(i) Reflexivity is obvious.
(ii) $(s_1, s_2) \in \bar{R} \wedge (s_2, s_1) \in \bar{R} \Rightarrow (s_1, s_2) \in R \wedge (s_2, s_1) \in R \Rightarrow s_1 = s_2$.
(iii) $(s_1, s_2) \in \bar{R} \wedge (s_2, s_3) \in \bar{R} \Rightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_2, x)) \in R \wedge \forall y \in \Sigma^*\ (M(s_2, y), M(s_3, y)) \in R \Rightarrow \forall x \in \Sigma^*\ (M(s_1, x), M(s_3, x)) \in R \Rightarrow (s_1, s_3) \in \bar{R}$. Q.E.D.
THEOREM 4. It holds that $P = P_\infty = \bar{P}_0$.
Proof. Obvious from Definition 8, Definition 11 and Lemma 3. Q.E.D.
Consequently $P$ can be obtained by the following algorithm.
ALGORITHM 2.
(i) Let $A = P_0$.
(ii) Go to Algorithm 1.
(iii) Let $P = \bar{A}$.
EXAMPLE 3. For the machine $S$ given in Table I we compute $P$ (the equality relation $E$ is omitted from each $P_i$ for notational simplicity).
$$P_0 = \{(s_1, s_2), (s_2, s_1), (s_1, s_3), (s_3, s_1), (s_2, s_3), (s_3, s_2), (s_1, s_4), (s_1, s_5), (s_1, s_6), (s_2, s_4), (s_2, s_5), (s_2, s_6), (s_3, s_4), (s_3, s_5), (s_3, s_6), (s_4, s_5), (s_5, s_4), (s_4, s_6), (s_6, s_4), (s_5, s_6), (s_6, s_5)\}.$$
$$P_1 = \{(s_1, s_2), (s_2, s_1), (s_1, s_3), (s_2, s_3), (s_1, s_4), (s_1, s_5), (s_1, s_6), (s_2, s_4), (s_2, s_5), (s_2, s_6), (s_3, s_6), (s_4, s_5), (s_5, s_4), (s_4, s_6), (s_5, s_6)\}.$$
$$P_2 = \{(s_1, s_2), (s_1, s_3), (s_2, s_3), (s_1, s_4), (s_1, s_5), (s_1, s_6), (s_2, s_5), (s_2, s_6), (s_3, s_6), (s_4, s_5), (s_4, s_6), (s_5, s_6)\}.$$
$$P_3 = P_2, \qquad P = P_2.$$
This $P$ is the same as the one shown in Example 2.
DEFINITION 12. For a given reduced machine $S$, the algebraic system $\mathbf{FS}(S) = \langle FS(S), \subseteq, \sqcap, \sqcup\rangle$ is defined similarly to Definition 5, where $FS(S)$ is the set of all the FS orders of $S$.
THEOREM 5. For a given reduced machine $S$, the algebraic system $\mathbf{FS}(S) = \langle FS(S), \subseteq, \sqcap, \sqcup\rangle$ forms a lattice.
Proof. $FS(S)$ has the unique maximal element $P$ and the unique minimal element $E$. For $Q, R \in FS(S)$, we see that $Q \sqcap R = Q \cap R$ because $Q \sqcap R \subseteq Q \cap R$ by definition and $Q \cap R$ satisfies the three conditions of Definition 6. Similarly to Theorem 1 we see that $Q \sqcup R$ is unique. Q.E.D.
Without proof we state the following lemma.
LEMMA 9. Let $R \subseteq S \times S$ be a partial order on $S$. For $(s_1, s_2) \in R$, if it does not hold that
$$\exists s \in S\ ((s_1, s) \in R \wedge (s, s_2) \in R),$$
the set $R' = R - \{(s_1, s_2)\}$ is a maximal partial order smaller than $R$.
Using this lemma we can generate all FS orders in $FS(S)$ for a reduced machine $S$ from $P$ to $E$ iteratively. For the machine $S$ given in Table I, the lattice $\mathbf{FS}(S)$ is illustrated in Fig. 4.
FIG. 4. Lattice of FS orders $\mathbf{FS}(S)$.
DEFINITION 13. For a given reduced machine $S$, $P(S)$ is the set of all the positive orders of $S$. The algebraic system $\mathbf{P}(S) = \langle P(S), \subseteq, \sqcap, \sqcup\rangle$ is defined similarly to Definition 5.
THEOREM 6. For a given reduced machine $S$, the algebraic system $\mathbf{P}(S) = \langle P(S), \subseteq, \sqcap, \sqcup\rangle$ forms a lattice. Furthermore, $P(S) = SP(S) \cap FS(S)$ (i.e., $\mathbf{P}(S)$ is a sublattice of $\mathbf{SP}(S)$ and $\mathbf{FS}(S)$).
Proof. $P(S)$ has the unique maximal element $P$ and the unique minimal element $E$. For $Q, R \in P(S)$, we see that $Q \sqcap R = Q \cap R$ because $Q \sqcap R \subseteq Q \cap R$ and $Q \cap R$ is obviously a positive order. Similarly to Theorem 1 we see that $Q \sqcup R$ is unique. The relation $P(S) = SP(S) \cap FS(S)$ is obvious from Definitions 10 and 13. Q.E.D.
LEMMA 10. Let $R$ be a maximal partial order smaller than $Q \in P(S)$. Then $\bar{R}$ is a maximal positive order smaller than $Q$.
Proof. From Lemma 1 and Lemma 8, it follows that $\bar{R} \in P(S)$. Suppose that there exists $R' \in P(S)$ such that $\bar{R} \subset R' \subset R$. Then from Lemma 5 $\bar{R'} = R'$, and then $R' \subseteq \bar{R}$ follows from Lemma 4, which is a contradiction. Q.E.D.
From these facts we have the following algorithm for computing $P(S)$ for a given reduced machine $S$.
ALGORITHM 3.
(i) Go to Algorithm 2 and compute $P$.
(ii) Let $i = 0$.
(iii) Let $\Phi_0 = \{P\}$.
(iv) Let $k = 1$, $\Psi = \emptyset$ (the empty set).
(v) If $Q_k^{(i)} \ne E$, list up all the maximal partial orders $R_j$'s such that $R_j \subset Q_k^{(i)}$, where $\Phi_i = \{Q_1^{(i)}, \ldots, Q_{n_i}^{(i)}\}$, using Lemma 9. If $Q_k^{(i)} = E$, go to (ix).
(vi) Go to Algorithm 1 and compute $\bar{R}_j$ for each $R_j$.
(vii) Let $\Psi$ be replaced by $\Psi \cup \Psi_k$, where $\Psi_k = \{\bar{R}_j \mid R_j \subset Q_k^{(i)}\}$.
(ix) If $k = n_i$ go to (xi). Otherwise go to (x).
(x) Increase $k$ by one and go to (v).
(xi) Let $\Phi_{i+1} = \Psi - (\Phi_0 \cup \cdots \cup \Phi_i)$.
(xii) If $\Phi_{i+1} = \emptyset$ go to (xiv). Otherwise go to (xiii).
(xiii) Increase $i$ by one and go to (iv).
(xiv) Let $P(S) = \Phi_0 \cup \Phi_1 \cup \cdots \cup \Phi_i$ and halt.
Using this algorithm $P(S)$ is computed for the machine $S$ given in Table I and is illustrated in Fig. 5.
FIG. 5. Lattice of positive orders $\mathbf{P}(S)$.
IV. STATE ASSIGNMENT PROBLEM
In this section we assume that $\Sigma = \{0, 1\}$ and $\Delta = \{0, 1\}$ with the order $0 < 1$ defined on $\Delta$. The case of $|\Delta| > 2$ and $|\Sigma| > 2$ will be discussed in Section V. We construct a binary sequential circuit (BSC) which realizes a given machine $S$ and satisfies the following condition: If some output values of the logic components used in the BSC fail asymmetrically from 0 to 1 (it is assumed that the input makes no failure), the induced failure (if any) on the output of the BSC is also asymmetric from 0 to 1. (Note that this failure on the output includes a failure which is observed after applying some input string to the BSC.) This condition is called the fail-safe condition (FS condition).
When we construct a BSC, it may be intuitively clear that, in order that the resulting BSC satisfies the FS condition, it is necessary to define a state assignment such that any error of state vectors caused by asymmetric failures $0 \to 1$ of the logic components does not conflict with a positive or FS order. In the following, we will present the precise meaning of this statement and give algorithms to obtain such a state assignment.
Let $L = \{0, 1\}$ be a Boolean space.
DEFINITION 14. A BSC is a system $\langle f, g\rangle$ where $f = (f_1, \ldots, f_m)$, $f_i : L^{m+1} \to L$ ($i = 1, 2, \ldots, m$) and $g : L^m \to L$. A BSC $\langle f, g\rangle$ realizes a machine $S = \langle S, M, \beta, \Sigma, \Delta\rangle$ under a mapping $\phi : S \to L^m$ ($\phi$ is called a state assignment), or $\langle f, g, \phi\rangle$ is a realization of $S$, if $\phi$ is one-to-one and
$$\forall s \in S, \forall \sigma \in \Sigma \quad \phi(M(s, \sigma)) = f(\phi(s), \xi),$$
$$\forall s \in S \quad \beta(s) = g(\phi(s)),$$
where $\xi$ is a binary variable whose value is equal to that of $\sigma$. A BSC is illustrated in Fig. 6. In this figure, $x(t)$ and $x(t+1)$ denote the present and the next state vectors respectively, and $\xi(t)$ and $\eta(t)$ denote the present input and the present output, that is,
$$x(t+1) = f(x(t), \xi(t)), \qquad \eta(t) = g(x(t)).$$
The vector of functions $f(x, \xi)$ is realized by the state logic, and the function $g(x)$ is realized by the output logic.
If $\langle f, g, \phi\rangle$ satisfies the FS condition, it is called a fail-safe realization (FS realization).
FIG. 6. Binary sequential circuit: state logic computing $f(x, \xi)$ and output logic computing $g(x)$.
DEFINITION 15. The order on $L$ is defined by $0 < 1$. The order on $L^m$ is defined by $x \le x' \Leftrightarrow x_1 \le x_1', \ldots, x_m \le x_m'$, where $x = (x_1, \ldots, x_m)$ and $x' = (x_1', \ldots, x_m')$.
$L^m$ is a partially ordered set, which is denoted by $\langle L^m, \le\rangle$. For a realization $\langle f, g, \phi\rangle$ of a given machine $S$, the partially ordered set $\langle \phi(S), \le\rangle$ is defined as a restriction of $L^m$ to $\phi(S) \subseteq L^m$.
DEFINITION 16. For a realization $\langle f, g, \phi\rangle$ of a given machine $S$, let $Q_\phi \subseteq S \times S$ be defined by
$$(s_1, s_2) \in Q_\phi \Leftrightarrow \phi(s_1) \le \phi(s_2).$$
Clearly $Q_\phi$ is a partial order on $S$. The partially ordered set $S$ with the order $Q_\phi$ is denoted by $\mathbf{S} = \langle S, Q_\phi\rangle$.
EXAMPLE 4. Consider the machine $S$ given by Table I. Let a state assignment $\phi$ as shown in Fig. 7 be given. The partially ordered set $\mathbf{S} = \langle S, Q_\phi\rangle$ is the same as the one induced on the set $\phi(S)$ by the order on $L^m$. In this case, $\langle S, Q_\phi\rangle$ is equal to $P$ of Examples 2 and 3, and shown in Fig. 3.
DEFINITION 17. A realization $\langle f, g, \phi\rangle$ of a machine $S$ is called a positive realization of $S$, if the $f_i(x, \xi)$'s are all positive with respect to $x$, i.e.
$$x \le x' \Rightarrow f(x, \xi) \le f(x', \xi),$$
and $g(x)$ is positive with respect to $x$.
FIG. 7. Fewest bit assignment for positive realization.
For a given machine $S$, obviously a positive realization is an FS realization since the failure $x \to x'$ such that $x \le x'$ causes the state failure
$$f(x, \xi) \to f(x', \xi), \quad \text{where } f(x', \xi) \ge f(x, \xi),$$
and the output failure $g(x) \to g(x')$, where $g(x') \ge g(x)$.
First we investigate the positive realization of $S$.
LEMMA 11. If $\langle f, g, \phi\rangle$ is a positive realization of a machine $S$, then $\langle S, Q_\phi\rangle$ is a positive order.
Proof.
$$(s_1, s_2) \in Q_\phi \Rightarrow \phi(s_1) \le \phi(s_2) \Rightarrow g(\phi(s_1)) \le g(\phi(s_2)) \Rightarrow \beta(s_1) \le \beta(s_2).$$
$$(s_1, s_2) \in Q_\phi \Rightarrow \phi(s_1) \le \phi(s_2) \Rightarrow \forall \xi \in L\ f(\phi(s_1), \xi) \le f(\phi(s_2), \xi)$$
$$\Rightarrow \forall \sigma \in \Sigma\ \phi(M(s_1, \sigma)) \le \phi(M(s_2, \sigma)) \Rightarrow \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in Q_\phi. \quad \text{Q.E.D.}$$
LEMMA 12. For a realization $\langle f, g, \phi\rangle$ of a given machine $S$, if the partially ordered set $\langle S, Q_\phi\rangle$ is a positive order, we can make the functions $f(x, \xi)$ and $g(x)$ positive with respect to $x$.
Proof. From the assumption, the functions $f$ and $g$ satisfy the following.
$$\phi(s_1) \le \phi(s_2) \Rightarrow (s_1, s_2) \in Q_\phi \Rightarrow \beta(s_1) \le \beta(s_2) \wedge \forall \sigma \in \Sigma\ (M(s_1, \sigma), M(s_2, \sigma)) \in Q_\phi$$
$$\Rightarrow g(\phi(s_1)) \le g(\phi(s_2)) \wedge \forall \sigma \in \Sigma\ \phi(M(s_1, \sigma)) \le \phi(M(s_2, \sigma))$$
$$\Rightarrow g(\phi(s_1)) \le g(\phi(s_2)) \wedge \forall \xi \in L\ f(\phi(s_1), \xi) \le f(\phi(s_2), \xi).$$
Hence $f$ and $g$ are positive with respect to $x \in \phi(S)$, though the values of $f$ and $g$ remain free for $x \notin \phi(S)$. As proved in Ibaraki and Muroga (1971), we can extend $f$ and $g$ so that they are positive with respect to all $x \in L^m$. Q.E.D.
The number $m$ for a realization $\langle f, g, \phi\rangle$ of a given machine $S$ is the number of bits (or DELAY's) used in the BSC. From the above lemmas we have the following theorem.
THEOREM 7. The fewest bit assignment $\phi$ for a positive realization $\langle f, g, \phi\rangle$ of a given reduced machine $S$ is obtained by finding the least dimensional Boolean space $L^m$ for which there exists $\phi$ such that $\langle S, Q_\phi\rangle$ is a positive order of $S$.
EXAMPLE 5. Consider the machine $S$ given in Table I. As shown in Fig. 5, $S$ has 6 positive orders $Q_0 (= P), Q_1, \ldots, Q_5 (= E)$. $Q_0$ leads to a three bit assignment as shown in Fig. 7, in which $\langle S, Q_\phi\rangle$ is the same as $\langle S, P\rangle$ (see Example 4). It is easily seen that $Q_1, \ldots, Q_5$ cannot yield any assignment with fewer bits. In particular, $Q_5$ corresponds to the assignment by the constant weight code (i.e., the weights of all $\phi(s_i)$'s are equal). The assignment by the constant weight code requires at least four bits in this case.
Now we turn to the fewest bit assignment for an FS realization of a given 
machine. 
DEFINITION 18. Let $S_1 = \langle S_1, M_1, \beta_1, \Sigma, \Delta\rangle$ and $S_2 = \langle S_2, M_2, \beta_2, \Sigma, \Delta\rangle$ be two machines. $S_1$ is a submachine of $S_2$, or $S_2$ is an extension of $S_1$, if $S_1 \subseteq S_2$ and
$$\forall s \in S_1, \forall \sigma \in \Sigma \quad M_1(s, \sigma) = M_2(s, \sigma),$$
$$\forall s \in S_1 \quad \beta_1(s) = \beta_2(s).$$
If $S_1$ is a submachine of $S_2$ we have that $M_2(S_1, \Sigma) \subseteq S_1$, where $M_2(S_1, \Sigma) = \{M_2(s, \sigma) \mid s \in S_1, \sigma \in \Sigma\}$.
DEFINITION 19. Let $\langle f, g, \phi\rangle$ be a realization of a given machine $S$. An $\langle f, g, \phi\rangle$-extension of $S$ is a machine $S' = \langle S', M', \beta', \Sigma, \Delta\rangle$ such that $|S'| = 2^m$ and $\langle f, g, \phi\rangle$ is a realization of $S'$, where $\phi$ is here considered as an extended one-to-one mapping $S' \to L^m$. (Note that $S$ is then a submachine of $S'$.)
EXAMPLE 6. For the machine $S$ given in Table I, there is a realization $\langle f, g, \phi\rangle$ with an $\langle f, g, \phi\rangle$-extension as shown in Table II.
TABLE II
An $\langle f, g, \phi\rangle$-Extension

State       Output   Next state for input 0   Next state for input 1
s1 (000)    0        s1 (000)                 s2 (100)
s2 (100)    0        s1 (000)                 s3 (110)
s3 (110)    0        s4 (001)                 s3 (110)
s4 (001)    1        s1 (000)                 s5 (011)
s5 (011)    1        s1 (000)                 s6 (111)
s6 (111)    1        s5 (011)                 s6 (111)
a  (010)    0        s1 (000)                 s3 (110)
b  (101)    1        a  (010)                 s6 (111)
THEOREM 8. Let $\langle f, g, \phi\rangle$ be a realization of a given reduced machine $S$. If $\langle f, g, \phi\rangle$ is an FS realization of $S$, then $\langle S, Q_\phi\rangle$ is an FS order of $S$ and there exists an $\langle f, g, \phi\rangle$-extension $S'$ whose maximum positive order $P'$ (which is defined by Definition 8) satisfies
$$\forall (s_1, s_2) \in W \times W\ \bigl(\phi(s_1) \le \phi(s_2) \Rightarrow (s_1, s_2) \in P'\bigr),$$
where $W$ is inductively defined as follows:
$$W_0 = S \cup \{s' \in S' \mid \exists s \in S\ \phi(s) \le \phi(s')\},$$
$$W_k = W_{k-1} \cup \{s' \in S' \mid \exists s \in W_{k-1}, \exists \xi \in L\ f(\phi(s), \xi) \le \phi(s')\} \quad \text{for } k = 1, 2, \ldots,$$
$$W = W_k.$$
(Since $S'$ is finite and $W_k$ is nondecreasing, $W_k = W_{k-1}$ holds for a finite $k$ ($\le 2^m$). Then $W = W_k$ holds.) Conversely, if $\langle S, Q_\phi\rangle$ is an FS order of $S$ and there exists an $\langle f, g, \phi\rangle$-extension $S'$ whose maximum positive order $P'$ satisfies the above condition, then $\langle f, g, \phi\rangle$ is an FS realization of $S$. (Note that $P'$ is in general a pseudo order since $S'$ may not be reduced.)
Proof. For $s_1, s_2 \in S$, if $\phi(s_1) \le \phi(s_2)$, the state error $s_1 \to s_2$ may occur, and $(s_1, s_2)$ must be an element of $P$, i.e., $\langle S, Q_\phi\rangle$ is an FS order. Next note that it is possible to reach any state vector $\phi(s)$, $s \in W$, of the BSC $\langle f, g, \phi\rangle$ by applying suitable inputs and suitable failures $\phi(s') \to \phi(s'')$ such that $\phi(s') \le \phi(s'')$. Therefore, if $\phi(s_1) \le \phi(s_2)$ for $s_1, s_2 \in W$, the state error $s_1 \to s_2$ may occur, and hence $(s_1, s_2)$ must be an element of $P'$. The converse is obvious. Q.E.D.
FIG. 8. Fewest bit assignment for FS realization: $\phi(s_1) = (000)$, $\phi(s_2) = (100)$, $\phi(s_3) = (110)$, $\phi(s_4) = (001)$, $\phi(s_5) = (011)$, $\phi(s_6) = (111)$.
FIG. 9. Partially ordered set $\langle S, Q_\phi\rangle$.
Note that $\langle S, Q_\phi\rangle$ is an FS order of $S$ if and only if $Q_\phi \subseteq P$. Therefore, from Theorem 8, it is in principle possible to obtain the fewest bit FS realization of $S$ if we search all possible $\langle f, g, \phi\rangle$-extensions of every assignment $\phi$ satisfying $Q_\phi \subseteq P$ and check whether they satisfy the conditions of Theorem 8. It is, however, computationally difficult to execute due to the excessive number of such possibilities. On the other hand, the search for the fewest bit positive realization appears much easier, since the number of positive orders of $S$ is usually considerably smaller than that of FS orders. In general, however, it seems possible that there exists an $S$ for which an FS realization requires fewer bits than any positive realization.
EXAMPLE 7. For the state assignment given in Table II and Fig. 8 the partially ordered set $\langle S, Q_\phi\rangle$ is given in Fig. 9. The partially ordered set $\langle S', Q_\phi\rangle$ and the pseudo ordered set $\langle S', P'\rangle$ are illustrated in Fig. 10 and Fig. 11. $\langle S, Q_\phi\rangle$ and $\langle S', P'\rangle$ satisfy the conditions given in Theorem 8. The functions $f$ and $g$ are given by
$$f_1(x_1, x_2, x_3, \xi) = (x_1 + x_2 + \bar{x}_3)\,\xi$$
$$f_2(x_1, x_2, x_3, \xi) = x_1 x_3 + (x_1 + x_2 + x_3)\,\xi$$
$$f_3(x_1, x_2, x_3, \xi) = x_1 x_2 \bar{\xi} + x_3 \xi$$
$$g(x_1, x_2, x_3) = x_3.$$
FIG. 10. Partially ordered set $\langle S', Q_\phi\rangle$.
FIG. 11. Pseudo ordered set $\langle S', P'\rangle$.
This gives an FS realization of the machine $S$, which is not a positive realization. Note that $f_1$ is negative with respect to $x_3$.
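As an added example (not the paper's code), the following Python encodes the functions $f$ and $g$ of Example 7, checks that $\langle f, g, \phi\rangle$ realizes the Table I machine under the Fig. 8 assignment, builds the $\langle f, g, \phi\rangle$-extension of Definition 19 (which should reproduce the rows $a$ and $b$ of Table II) and locates the variable in which $f$ fails to be positive. The machine, the assignment and the names `x010` and `x101` for the two extra state vectors are constructed here.

```python
from itertools import product

# Table I machine and the Table II / Fig. 8 assignment, constructed here from the page.
BETA = {"s1": 0, "s2": 0, "s3": 0, "s4": 1, "s5": 1, "s6": 1}
M = {("s1", 0): "s1", ("s1", 1): "s2", ("s2", 0): "s1", ("s2", 1): "s3",
     ("s3", 0): "s4", ("s3", 1): "s3", ("s4", 0): "s1", ("s4", 1): "s5",
     ("s5", 0): "s1", ("s5", 1): "s6", ("s6", 0): "s5", ("s6", 1): "s6"}
PHI = {"s1": (0, 0, 0), "s2": (1, 0, 0), "s3": (1, 1, 0),
       "s4": (0, 0, 1), "s5": (0, 1, 1), "s6": (1, 1, 1)}


def f(x, xi):
    """State logic of Example 7; x = (x1, x2, x3), xi is the input bit."""
    x1, x2, x3 = x
    f1 = (x1 | x2 | (1 - x3)) & xi             # the only term negative in x
    f2 = (x1 & x3) | ((x1 | x2 | x3) & xi)
    f3 = (x1 & x2 & (1 - xi)) | (x3 & xi)
    return (f1, f2, f3)


def g(x):
    """Output logic of Example 7."""
    return x[2]


def realizes(f, g, phi, M, beta, inputs=(0, 1)):
    """Definition 14: phi one-to-one, phi(M(s, a)) = f(phi(s), a), beta(s) = g(phi(s))."""
    if len(set(phi.values())) != len(phi):
        return False
    return (all(f(phi[s], a) == phi[M[s, a]] for s in phi for a in inputs)
            and all(g(phi[s]) == beta[s] for s in phi))


def extension(f, g, phi, m, inputs=(0, 1)):
    """Definition 19: the <f, g, phi>-extension S' on all 2^m vectors.  A vector not
    in phi(S) gets the constructed name 'x' + its bits.  Returns (M', beta', phi')."""
    name = {v: s for s, v in phi.items()}

    def label(v):
        return name.get(v, "x" + "".join(map(str, v)))

    vectors = list(product((0, 1), repeat=m))
    next_state = {(label(v), a): label(f(v, a)) for v in vectors for a in inputs}
    output = {label(v): g(v) for v in vectors}
    phi_ext = {label(v): v for v in vectors}
    return next_state, output, phi_ext


def negative_variables(f, m, inputs=(0, 1)):
    """Definition 17 check: the set of (i, j) such that f_i is not positive in x_j,
    i.e. raising x_j from 0 to 1 can lower f_i (1-based indices as in the paper)."""
    bad = set()
    for v in product((0, 1), repeat=m):
        for j in range(m):
            if v[j] == 1:
                continue
            w = v[:j] + (1,) + v[j + 1:]        # v <= w, differing only in x_j
            for xi in inputs:
                for i, (a, b) in enumerate(zip(f(v, xi), f(w, xi))):
                    if a > b:
                        bad.add((i + 1, j + 1))
    return bad


def is_positive_realization(f, g, m, inputs=(0, 1)):
    """Definition 17: every f_i and g positive with respect to x."""
    def g_vec(x, xi):
        return (g(x),)
    return not negative_variables(f, m, inputs) and not negative_variables(g_vec, m, inputs)


if __name__ == "__main__":
    print(realizes(f, g, PHI, M, BETA))            # True
    ns, out, phi_ext = extension(f, g, PHI, 3)
    print(ns[("x010", 0)], ns[("x010", 1)], out["x010"])   # rows a and b of Table II
    print(ns[("x101", 0)], ns[("x101", 1)], out["x101"])
    print(negative_variables(f, 3))                # {(1, 3)}: f_1 negative in x_3
```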
V. EXTENSION TO MULTIPLE INPUT MULTIPLE OUTPUT SEQUENTIAL CIRCUITS
In this section, we give a brief sketch of a construction method of fail-safe sequential circuits with multiple inputs and/or multiple outputs, which are realizations of sequential machines with $|\Sigma| \ge 3$ and/or $|\Delta| \ge 3$.
DEFINITION 20. Let one-to-one mappings $\gamma : \Sigma \to L^p$ and $\delta : \Delta \to L^q$ be given ($\gamma$ and $\delta$ are binary codings of $\Sigma$ and $\Delta$ respectively). A BSC (with multiple inputs and multiple outputs) is a system $\langle f, g\rangle$ where $f = (f_1, \ldots, f_m)$, $f_i : L^{m+p} \to L$ ($i = 1, 2, \ldots, m$) and $g = (g_1, \ldots, g_q)$, $g_j : L^m \to L$ ($j = 1, 2, \ldots, q$). A BSC $\langle f, g\rangle$ realizes a machine $S = \langle S, M, \beta, \Sigma, \Delta\rangle$ under a mapping $\phi : S \to L^m$ and the above input and output codings, or $\langle f, g, \phi\rangle$ is a realization of $S$, if $\phi$ is one-to-one and
$$\forall s \in S, \forall \sigma \in \Sigma \quad \phi(M(s, \sigma)) = f(\phi(s), \gamma(\sigma)),$$
$$\forall s \in S \quad \delta(\beta(s)) = g(\phi(s)).$$
The output vector of $S$, i.e., $\delta(\tau)$, $\tau \in \Delta$, is denoted by $y$.
FAIL-SAFE SEQUENTIAL MACHINES 53 
In this case, a BSC satisfies the fail-safe condition if for any asymmetric 
failures of logic components from 0 to 1, the induced failure (if any) on each 
output is asymmetric from 0 to 1. 
Now assume that the coding ~: A ~ L q satisfies 
w-, -,-' ~ a (8(7) ~< 8(7') ~ 7 ~ 7'), 
where ~ on A is given prior to Definition 7. (Note that in the case of single 
output of Section IV, the coding 3 implicitly assumed is the identity mapping 
8:0 ~-~ 0, 1 ~-~ 1. Thus the above condition is obviously satisfied.) 
With $\delta$ satisfying this condition, any realization $(f, g, \phi)$ of $S$ subject to
the fail-safe condition can be considered as a fail-safe realization of $S$. This
is because any asymmetric failure of logic components from 0 to 1 causes the
output failure $y \to y'$ for which $y \leq y'$ holds, and $y \leq y' \Rightarrow \delta(\tau) \leq \delta(\tau')
\Rightarrow \tau \leq \tau'$ if $y = \delta(\tau)$ and $y' = \delta(\tau')$ for some $\tau, \tau' \in \Lambda$. Therefore, we see that
the concept of the fail-safe machines with $|\Lambda| = 2$ can be directly extended
to machines with $|\Lambda| \geq 3$, as far as outputs fail in such a way that $\tau' \in \Lambda$
satisfying $\delta(\tau') = y'$ exists for any resulting output $y'$. In case there exists
no $\tau' \in \Lambda$ such that $\delta(\tau') = y'$, we consider that
$$\delta^{-1}(y') = \{\tau \in \Lambda \mid \delta(\tau) \leq y' \ \wedge\ \text{no } \tau'\,(\neq \tau) \in \Lambda\ (\delta(\tau) \leq \delta(\tau') \leq y')\},$$
and define $\tau_i \leq \delta^{-1}(y')$ if $\tau_i \in \delta^{-1}(y')$. This means that failures on outputs
such as $\tau_i \to \{\tau_{j_1}, \tau_{j_2}, \ldots, \tau_{j_k}\}$, where $\tau_i \in \{\tau_{j_1}, \tau_{j_2}, \ldots, \tau_{j_k}\}$, are defined to be
safe. With this definition, the concept of the fail-safe machines is consistently
extended to the multiple output case.
To obtain a BSC realizing $S$ and satisfying the fail-safe condition, the theory
developed in Section IV can be easily modified by replacing  by $g$. The
details are hence omitted.
Note that the input coding $\gamma: \Sigma \to L^p$ can be any one-to-one mapping
since we do not assume input failures.
As an example, consider the case in which $\Lambda = \{\tau_1, \tau_2, \tau_3\}$ with the
partial order $\tau_1 < \tau_2$ and $\tau_1 < \tau_3$. The partially ordered set $(\Lambda, \leq)$ is
illustrated in Fig. 12. The coding $\delta: \Lambda \to L^2$ may be given as shown in
Fig. 13, in which $\delta(\tau_1) < \delta(\tau_2)$, $\delta(\tau_1) < \delta(\tau_3)$, and the condition on $\delta$
mentioned above is obviously satisfied. $\delta^{-1}(1, 1)$ is considered as $\{\tau_2, \tau_3\}$,
and failures such as $\tau_2 \to \{\tau_2, \tau_3\}$ and $\tau_3 \to \{\tau_2, \tau_3\}$ are considered safe.
From this, we can obtain a BSC with two outputs.
FIG. 12. Partially ordered set $\Lambda$ ($\tau_2$ and $\tau_3$ both lie above $\tau_1$).
FIG. 13. Binary coding $\delta$ of $\Lambda$: $\delta(\tau_1) = (0, 0)$, $\delta(\tau_2) = (1, 0)$, $\delta(\tau_3) = (0, 1)$; the vector $(1, 1)$ is the code of no output.
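As an added example (not code from the paper), the following Python checks an output coding $\delta$ against the condition above and decides, for the coding of Fig. 13, which 0 → 1 output failures are safe under the extended definition; the names t1, t2, t3, ORDER and CODING are constructed for the illustration.

```python
# Added example (not from the paper): checks a binary output coding delta: Lambda -> L^q
# against the condition of Section V and decides which 0->1 output failures are safe.
# t1, t2, t3, ORDER and CODING are constructed after Fig. 12 / Fig. 13.

ORDER = {("t1", "t2"), ("t1", "t3")}                  # strict pairs a < b of (Lambda, <=)
CODING = {"t1": (0, 0), "t2": (1, 0), "t3": (0, 1)}   # delta as in Fig. 13


def leq_out(a, b, order):
    """Reflexive partial order on Lambda: a <= b."""
    return a == b or (a, b) in order


def leq_vec(y, y2):
    """Componentwise order on L^q: a 0->1 failure turns y into some y2 with y <= y2."""
    return all(u <= v for u, v in zip(y, y2))


def coding_is_admissible(coding, order):
    """The paper's condition on delta: delta(t) <= delta(t') must imply t <= t'."""
    return all(leq_out(t, t2, order)
               for t in coding for t2 in coding
               if leq_vec(coding[t], coding[t2]))


def preimage(y2, coding):
    """delta^{-1}(y') of the text for a y' that codes no output: those t with
    delta(t) <= y' for which no other t' satisfies delta(t) <= delta(t') <= y'."""
    below = [t for t in coding if leq_vec(coding[t], y2)]
    return {t for t in below
            if not any(t2 != t and leq_vec(coding[t], coding[t2]) for t2 in below)}


def output_failure_is_safe(t, y2, coding, order):
    """Is the output failure delta(t) -> y' safe?  Failures that are not 0->1 cannot
    arise from asymmetric component failures and are reported as unsafe."""
    if not leq_vec(coding[t], y2):
        return False
    for t2, code in coding.items():
        if code == y2:                       # y' = delta(t'): safe iff t <= t'
            return leq_out(t, t2, order)
    # y' codes no output: the text defines t <= delta^{-1}(y') as membership
    return t in preimage(y2, coding)
```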
VI. CONCLUSIONS
Let n be the number of states of a given machine S. We can realize
(not necessarily as an FS realization) the machine S with [log(n)] + 1 bits,
where [a] is the greatest integer smaller than a. For the state assignment by
the half weight code, the same number of bits is asymptotically required
for an FS realization of S if n is sufficiently large [7]. But for small n, we can
further reduce the number of bits necessary for an FS realization. For this
purpose, FS orders and positive orders are introduced, and algorithms for
obtaining an FS realization and a positive realization of a given machine S
by a BSC with the fewest bits are developed.
Although the algorithm for a positive realization with the fewest bits
works efficiently, an FS realization with the fewest bits seems difficult to find
because of the excessive number of possibilities to be examined. Improvement
of the latter algorithm will be one of the main subjects of future research.
ACKNOWLEDGMENT 
The authors are indebted to Professor H. Mine of Kyoto University for his support 
of the study. 
RECEIVED: April 9, 1971 
REFERENCES 
IBARAKI, T., AND MUROGA, S. (1971), Synthesis of a network with a minimum number
of negative gates, IEEE Trans. Computers C-20, 49-58.
HARRISON, M. A. (1965), "Introduction to Switching and Automata Theory,"
McGraw-Hill, New York.
HARTMANIS, J., AND STEARNS, R. E. (1966), "Algebraic Structure Theory of Sequential
Machines," Prentice-Hall, Englewood Cliffs, N. J.
HASHIMOTO, A., TOKURA, N., AND KASAMI, T. (1967), Fail-safe logic and duplicated
logic through the use of asymmetrically faulty elements, Jour. IECEJ 50, 680-687.
HIRAYAMA, H., WATANABE, T., AND URANO, Y. (1969), A construction theory for
fail-safe logical systems, Jour. IECEJ 52-C, 33-40.
MINE, H., AND KOGA, Y. (1967), Basic properties and a construction method for
fail-safe logical systems, IEEE Trans. on Electronic Computers EC-16, 282-289.
TAKAOKA, T. (1971), "Algebraic Theory of Automata and its Application to Fail-Safe
Systems," Ph.D. Dissertation, Kyoto University, Kyoto, Japan.
TOHMA, Y. (1970), Realization of fail-safe sequential machines using flip-flops, Proc.
of Kyoto International Conference on Circuit and System Theory, 287-288.
TOKURA, N., KASAMI, T., AND OZAKI, H. (1966), On a fail-safe sequential machine,
Papers of Technical Group on Automata and Automatic Control, IECEJ.
WATANABE, T., AND TAKAHASHI, T. (1965), A synthesis method of a fail-safe type
logical system, 1965 Convention Record of the IECEJ.
WATANABE, T., TAKAHASHI, T., AND ENOMOTO, H. (1966), A construction method of
fail-safe sequential circuits, 1966 Convention Record of the IECEJ.
