It is known that a sequential machine is realized by a binary sequential circuit (BSC). In this paper we try to construct a fail-safe BSC realizing a given sequential machine with the additional constraint that its output either takes the correct value or fails from 0 to 1 if the outputs of logic components in BSC, such as AND, OR, NOT gates and DELAY elements, fail asymmetrically from 0 to 1. The word "fail-safe" means that the failure $0 \to 1$ is considered safe while the reverse is not. It is rather easy to construct a fail-safe BSC for a given sequential machine. The main purpose of this paper is to construct a fail-safe BSC with the smallest number of DELAY's.
I. INTRODUCTION
Fail-safe systems for switching functions were first presented by Watanabe and Takahashi (1965), and have been studied by Mine and Koga (1967), Hashimoto, Tokura and Kasami (1967), Hirayama, Watanabe and Urano (1969) and others. In a fail-safe system for a switching function, if the inputs or the logic components fail asymmetrically from 0 to 1, the induced failure on the output is also asymmetric from 0 to 1, where the value 1 is considered to be safe even if it is erroneous.
A fail-safe binary sequential circuit (fail-safe BSC) realizing a given machine was presented by Tokura, Kasami and Ozaki (1966), whose behavior is analogous to that of fail-safe systems for switching functions except that no failure on the input is assumed in this case. Fail-safe BSC's were also studied in Watanabe, Takahashi and Enomoto (1966) and Tohma (1970). In Tokura et al. (1966), for constructing a fail-safe BSC realizing a given machine, the constant weight code, especially the half weight code, is used for the state assignment. This assignment is sometimes redundant in the sense that the number of bits (i.e., the number of DELAY's) used for the state assignment can be further reduced.
In the present paper we attempt to construct a fail-safe BSC realizing a given machine with the smallest number of bits. It is shown that if all the switching functions used in the BSC are positive with respect to the variables representing internal states, the BSC is fail-safe. This BSC is called positive. We give an algorithm for constructing a positive BSC realizing a given machine with the smallest number of bits. This is done by making use of a certain partial order with the substitution property defined on the given machine.
In general, however, the number of bits required in a fail-safe BSC can possibly be reduced further if we dispense with the positiveness assumption imposed on the fail-safe BSC. In this case the procedure to obtain a fail-safe BSC with the smallest number of bits becomes somewhat complicated and may be difficult to use in practice, though a method for that is presented.
II. SEQUENTIAL MACHINES AND BINARY RELATIONS WITH THE SUBSTITUTION PROPERTY
In this section we discuss basic properties of binary relations with the substitution property, as a preparation for the subsequent discussion. It is an extension of the well-known concept of partitions with the substitution property studied by Hartmanis and Stearns (1966). This extension is necessary because we will deal with partial orders, rather than partitions, with the substitution property. This machine is called Moore type (see for example Harrison, 1965). $\Sigma^*$ denotes the set of all the words (or strings) generated from the input alphabet $\Sigma$ including the null string I. The mapping $M$ is extended from $S \times \Sigma \to S$ to $S \times \Sigma^* \to S$ recursively by
Proof.
The CSP 21 of A has SP and 21 C A. (M(sl , x) , M(s~ , x)) ~ A)).
Note that $A_0 = A$.
2. We have the following results:
A 0 (recursive formula).
is obvious.
follows because A is finite and the sequence {Ai} is nonincreasing.
Let $A_i = A_{i+1}$. Then from (iv) we have $(s_1, s_2)$ Hence we have that $A_{i+1} = A_{i+2} = A_{i+3} = \cdots$.
(v) follows from the fact that if $(M(s_1, x), M(s_2, x)) = (s_1', s_2')$, the pair $(s_1', s_2')$ can be reached by some word whose length is less than or equal to $2n - 2$ (e.g., Harrison (1965)).
Q.E.D.
LEMMA 3. A o~ -A for any A C S × S.
Proof. Obvious.
From these facts we have the following algorithm for obtaining A from a given $A \subseteq S \times S$.
ALGORITHM 1.
(ii) Compute $A_{i+1}$ from $A_i$ by the following recursive formula.
(iii) If $A_{i+1} = A_i$, go to (v). Otherwise go to (iv).
(iv) Increase $i$ by one and go to (ii).
(v) Let $A = A_i$ and halt.
Note that $A = A_i$ for the smallest integer $i$ such that $A_i = A_{i+1}$ and $\bar{A}$ is uniquely computed from $A$. Thus $\bar{A}$ is the maximal set with SP included in $A$.
DEFINITION 5. For a given machine S, SP(S) is the set of all sets $A$ such that $E \subseteq A \subseteq \Omega$ and $A$ has SP, where $\Omega = S \times S$ and $E$ is the equality relation on S, that is,
$E = \{(s, s) \mid s \in S\}$.
We introduce an order into SP(S) by set inclusion. For A, B e SP(S), A n B is the greatest lower bound and A u B is the smallest upper bound. THEOREM 1. shows that A n B has SP. Therefore N n B = A n B. Next for distinct A, B ~ SP(S) assume that there exist two distinct minimal upper bounds C and D of A and B. Then we have that A u B _CC C n D C C, D which is a contradiction because C (7 D E SP(S), and C and D are minimal upper bounds for A and B.
III. FAIL-SAFE AND POSITIVE ORDERS ON A SEQUENTIAL MACHINE
To obtain a fail-safe realization of a given machine, it is useful to distinguish state errors $s_i \to s_j$ of the machine according to whether they cause failures $1 \to 0$ on the output (i.e., not fail-safe) or not (i.e., fail-safe). It will be shown that the set of all the fail-safe state errors (denoted P) is a partial order. Then two kinds of partial orders, called positive order and FS order, included in P receive special attention since they play important roles in the state assignment for the fail-safe realization.
In this section we investigate properties of these two kinds of partial orders and give algorithms to obtain them. The actual construction of binary sequential circuits satisfying the fail-safe condition will be discussed in Section IV.
DEFINITION 6. A set $R \subseteq T \times T$ is called a partial order on the set $T$ if it satisfies the following three conditions:
(i) $\forall t \in T\ ((t, t) \in R)$ (Reflexivity).
(ii) $\forall (t_1, t_2) \in T \times T\ ((t_1, t_2) \in R \wedge (t_2, t_1) \in R \Rightarrow t_1 = t_2)$ (Anti-symmetry).
(iii) $\forall (t_1, t_2), \forall (t_2, t_3) \in T \times T\ ((t_1, t_2) \in R \wedge (t_2, t_3) \in R \Rightarrow (t_1, t_3) \in R)$ (Transitivity).
The algebraic system $T = \langle T, R \rangle$ is called a partially ordered set. If $(t_1, t_2) \in R$, $t_2$ is said to be in higher order than $t_1$ (as to the order $R$). A partially ordered set $T = \langle T, R \rangle$ is illustrated by a graph in the conventional way such that, if $(t_1, t_2) \in R$, the node of $t_2$ is written in a higher position than that of $t_1$ and connected by an edge (or a sequence of edges). $R \subseteq T \times T$ is said to be a pseudo order if it satisfies only two conditions (i) and (iii). A pseudo ordered set $T = \langle T, R \rangle$ is illustrated similarly to the case of a partially ordered set with the added rule that if $(t_1, t_2) \in R$ and $(t_2, t_1) \in R$ the nodes of $t_1$ and $t_2$ are written in the same level.
EXAMPLE 1. Let $T = \{t_1, t_2, t_3\}$ and $R = \{(t_1, t_1), (t_2, t_2), (t_3, t_3), (t_1, t_3), (t_2, t_3)\}$. $R$ is a partial order and the partially ordered set $T = \langle T, R \rangle$ is illustrated in Fig. 1.
FIG. 1. Partially ordered set.
Hereafter we assume a partial order $\le$ defined on the set of the output alphabet $A$ of a given machine $S = (S, M, \beta, \Sigma, A)$. For example, if $A = \{0, 1\}$, the order $0 < 1$ is usually assumed.
DEFINITION 7. A state error $(s_1, s_2)$ is an element of $S \times S$, which may be interpreted as the error $s_1 \to s_2$ occurred in machine S. A state error $(s_1, s_2)$ is said to satisfy the fail-safe condition (FS condition) if
In the above definition a failure on the output is regarded safe if it is from the smaller to the greater with respect to the order $\le$.
DEFINITION 8. For a given machine S, the set $P \subseteq S \times S$ is defined by
P is the maximum error set which satisfies the FS condition. Obviously P is unique.
DEFINITION 9. For a given machine S, a set $Q \subseteq S \times S$ is called an FS order of S if Q is a partial order on the set S and satisfies the FS condition. In other words, Q is an FS order if Q is a partial order and $Q \subseteq P$.
LEMMA 6. If a machine S is reduced, the set P is a partial order.
Proof. Reflexivity and transitivity are obvious. As for anti-symmetry we see that
Note that, if S is not reduced, P is in general a pseudo order. Thus we have the next theorem.
THEOREM 2. P is the maximal FS order of S, provided that S is reduced.
DEFINITION 10. For a given machine S, a set $Q \subseteq S \times S$ is said to be a positive order of S if Q is an FS order and has SP.
Clearly we have the following theorem.
THEOREM 3. P is the maximal positive order of S, provided that S is reduced.
EXAMPLE 2. For the reduced machine S given in Table I, $M(s_1, 1) = s_2$ and $M(s_2, 1) = s_3$ imply that $(s_1, s_2)$ induces $(s_2, s_3)$. However, all induced state errors $(s_i, s_j)$ satisfy $\beta(s_i) \le \beta(s_j)$ and hence $(s_1, s_2)$ satisfies the FS condition. Similarly it is possible to make sure that all $(s_i, s_j) \in P$ satisfy the FS condition. Now we present an algorithm to obtain the above P for a given machine S. Consequently P can be obtained by the following algorithm.
ALGORITHM 2.
(i) Let $A = P_0$.
(ii) Go to Algorithm 1.
(iii) Let $P = A$.
EXAMPLE 3. For the machine S given in Table I we This P is the same as the one shown in Example 2.
DEFINITION 12. For a given reduced machine S, the algebraic system $FS(S) = \langle FS(S), \subseteq, \cap, \cup \rangle$ is defined similarly to Definition 5, where FS(S) is the set of all the FS orders of S.
THEOREM 5. For a given reduced machine S, the algebraic system $FS(S) = \langle FS(S), \subseteq, \cap, \cup \rangle$ forms a lattice.
Proof. FS(S) has the unique maximal element P and the unique minimal element E. For Q, R eFS(S), we see that Q n R ~ Q n R because Q ~ R C Q n R by definition and any (sl, s2)~ Q n R satisfies the three conditions of Definition 6. Similarly to Theorem l we see thatQ u R is unique. Q.E.D.
Without proof we state the following lemma.
LEMMA 9. Let $R \subseteq S \times S$ be a partial order on S. For $(s_1, s_2) \in R$, if it does not hold that $\exists s \in S\ ((s_1, s) \in R \wedge (s, s_2) \in R)$, the set $R' = R - \{(s_1, s_2)\}$ is a maximal partial order smaller than R.
Using this lemma we can generate all FS orders in FS(S) for a reduced machine S from P to E iteratively. For the machine S given in Table I, the lattice FS(S) is illustrated in Fig. 4.
DEFINITION 13. For a given reduced machine S, P(S) is the set of all the positive orders of S. The algebraic system $P(S) = \langle P(S), \subseteq, \cap, \cup \rangle$ is defined similarly to Definition 5.
THEOREM 6. For a given reduced machine S, the algebraic system $P(S) = \langle P(S), \subseteq, \cap, \cup \rangle$ forms a lattice. Furthermore, $P(S) = SP(S) \cap FS(S)$ (i.e., P(S) is a sublattice of SP(S) and FS(S)).
Proof. P(S) has the unique maximal element P and the unique minimal element E. For Q, R ~ P(S), we see that Q n R = Q c~ R because 0 n R C Q c~ R and Q (~ R is obviously a positive order. Similarly to Theorem 1 we see that Q u R is unique. The relation P(S) ~-SP(S) n FS(S) is obvious from Definitions 10 and 13.
LEMMA 10. Let R be a maximal partial order smaller than $Q \in P(S)$. Then R is a maximal positive order smaller than Q.
Proof. From Lemma 1 and Lemma 8, it follows that K ~ ~ P(S). Suppose that there exists R'eP(S) such that R C R'C R. Then from Lemma 5 R' = R' and then R' _C R follows from Lemma 4, which is a contradiction.
From these facts we have the following algorithm for computing P(S) for a given reduced machine S. (v) If Q~) #: E, list up all the maximal partial orders R3's such that R~ ~C ~t3{°, where q~ = t~dl"~{i),..., ~d~#,(i)~ using lemma 9. If Q~) = E, go to (ix). (xiii) Increase i by one and go to (iv).
(xiv) Let P(S) : q~o U ~b 1 U -" U ~i and halt.
Using this algorithm P(S) is computed for the machine S given in Table I and is illustrated in 
IV. STATE ASSIGNMENT PROBLEM
In this section we assume that $\Sigma = \{0, 1\}$ and $A = \{0, 1\}$ with the order $0 < 1$ defined on $A$. The case of $|A| > 2$ and $|\Sigma| > 2$ will be discussed in Section V. We construct a binary sequential circuit (BSC) which realizes a given machine S and satisfies the following condition: If some output values of the logic components used in the BSC fail asymmetrically from 0 to 1 (it is assumed that the input makes no failure) the induced failure (if any) on the output of the BSC is also asymmetric from 0 to 1. (Note that this failure on the output includes a failure which is observed after applying some input string to the BSC.) This condition is called the fail-safe condition (FS condition).
When we construct a BSC, it may be intuitively clear that it is necessary to define a state assignment such that any error of state vectors caused by asymmetric failures $0 \to 1$ of the logic components does not conflict with positive or FS order, in order that the resulting BSC satisfies the FS condition.
In the following, we will present the precise meaning of this statement and give algorithms to obtain such state assignment.
Let $L = \{0, 1\}$ be a Boolean space. where $\xi$ is a binary variable whose value is equal to that of $\sigma$. A BSC is illustrated in Fig. 6. In this figure, $x(t)$ and $x(t + 1)$ denote the present and the next state vectors respectively, and ~(t) and ~(t) denote the present input and the present output, that is, $g(x(t))$.
x(t + 1) = f(x(t), ~(t)) ~(t) :
The vector of functions $f(x, \xi)$ is realized by the state logic, and the function $g(x)$ is realized by the output logic.
If $\langle f, g, \phi \rangle$ satisfies the FS condition, it is called a fail-safe realization (FS realization). ---(x#,.,., x~') .
$L^m$ is a partially ordered set, which is denoted by $\langle L^m, \le \rangle$. For a realization $\langle f, g, \phi \rangle$ of a given machine S, the partially ordered set $\langle \phi(S), \le \rangle$ is defined as a restriction of $L^m$ to $\phi(S) \subseteq L^m$.
DEFINITION 16. For a realization $\langle f, g, \phi \rangle$ of a given machine S, let $Q_\phi \subseteq S \times S$ be defined by
$(s_1, s_2) \in Q_\phi \Leftrightarrow \phi(s_1) \le \phi(s_2)$.
Clearly $Q_\phi$ is a partial order on S. The partially ordered set S with the order $Q_\phi$ is denoted by $S = \langle S, Q_\phi \rangle$.
EXAMPLE 4. Consider the machine S given by Table I. Let a state assignment $\phi$ as shown in Fig. 7 be given. The partially ordered set $S = \langle S, Q_\phi \rangle$ is the same as the one induced on the set $\phi(S)$ by the order on $L^m$. In this case, $\langle S, Q_\phi \rangle$ is equal to P of Examples 2 and 3, and shown in Fig. 3. ~ 2(M(s~, ~), M(s~, ~) ) E 2~. If $\langle f, g, \phi \rangle$ is a positive realization of a machine S, then Q.E.D.
LEMMA 12. For a realization $\langle f, g, \phi \rangle$ of a given machine S, if the partially ordered set $\langle S, Q_\phi \rangle$ is a positive order, we can make the functions $f(x, \xi)$ and $g(x)$ positive with respect to $x$.
Proof. From the assumption, the functions f and g satisfy the following.
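$\phi(s_1) \le \phi(s_2) \Rightarrow (s_1, s_2) \in Q_\phi \Rightarrow \beta(s_1) \le \beta(s_2) \wedge \forall \sigma \in \Sigma\ ((M(s_1, \sigma), M(s_2, \sigma)) \in Q_\phi)$
$\Rightarrow g(\phi(s_1)) \le g(\phi(s_2)) \wedge \forall \sigma \in \Sigma\ (\phi(M(s_1, \sigma)) \le \phi(M(s_2, \sigma)))$
$\Rightarrow g(\phi(s_1)) \le g(\phi(s_2)) \wedge \forall \xi \in L\ (f(\phi(s_1), \xi) \le f(\phi(s_2), \xi))$.
Hence $f$ and $g$ are positive with respect to $x \in \phi(S)$, though the value of $f$ and $g$ remains free for $x \notin \phi(S)$. As proved in Ibaraki and Muroga (1971), we can extend $f$ and $g$ so that they are positive with respect to all $x \in L^m$. Q.E.D.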
The number $m$ for a realization $\langle f, g, \phi \rangle$ of a given machine S is that of bits (or DELAY's) used in the BSC. From the above lemmas we have the following theorem.
THEOREM 7. The fewest bit assignment $\phi$ for a positive realization $\langle f, g, \phi \rangle$ of a given reduced machine S is obtained by finding the least dimensional boolean space $L^m$ for which there exists $\phi$ such that $\langle S, Q_\phi \rangle$ is a positive order of S.
EXAMPLE 5. Consider the machine S given in Table I. As shown in Fig. 5, S has 6 positive orders $Q_0 (= P), Q_1, \ldots, Q_5 (= E)$. $Q_0$ leads to a three bit assignment as shown in Fig. 7, in which $\langle S, Q_\phi \rangle$ is the same as $\langle S, P \rangle$ (see Example 4). It is easily seen that $Q_1, \ldots, Q_5$ cannot yield any assignment with a smaller number of bits. In particular, $Q_5$ corresponds to the assignment by the constant weight code (i.e., the weights of all $\phi(s_i)$'s are equal). The assignment by the constant weight code requires at least four bits in this case.
Now we turn to the fewest bit assignment for an FS realization of a given machine.
DEFINITION 19. Let $\langle f, g, \phi \rangle$ be a realization of a given machine S. An $\langle f, g, \phi \rangle$-extension of S is a machine $S' = (S', M', \beta', \Sigma, A)$ such that $|S'| = 2^m$ and $\langle f, g, \phi \rangle$ is a realization of $S'$, where $\phi$ is here considered as an extended one-to-one mapping $S' \to L^m$. (Note that S is then a submachine of $S'$.)
EXAMPLE 6. For the machine S given in Table I, there is a realization $\langle f, g, \phi \rangle$ with an $\langle f, g, \phi \rangle$-extension as shown in Table II.
THEOREM 8. Let $\langle f, g, \phi \rangle$ be a realization of a given reduced machine S. If $\langle f, g, \phi \rangle$ is an FS realization of S, then $\langle S, Q_\phi \rangle$ is an FS order of S and there exists an $\langle f, g, \phi \rangle$-extension $S'$ whose maximum positive order $P'$ (which is defined by Definition 8) satisfies
where $W$ is inductively defined as follows: (Since $S'$ is finite and $W_i$ is nondecreasing, $W_k = W_{k-1}$ holds for a finite $k$ ($\le 2^m$). Then $W = W_k$ holds.) Conversely, if $\langle S, Q_\phi \rangle$ is an FS order of S and there exists an $\langle f, g, \phi \rangle$-extension $S'$ whose maximum positive order $P'$ satisfies the above condition, then $\langle f, g, \phi \rangle$ is an FS realization of S. (Note that $P'$ is in general a pseudo order since $S'$ may not be reduced. S 4 $s_1 \to s_2$ may occur, and hence $(s_1, s_2)$ must be an element of $P'$. The converse is obvious.
$W_0 = S \cup \{s' \in S' \mid \exists s \in S\ (\phi(s) \le \phi(s'))\}$
Note that $\langle S, Q_\phi \rangle$ is an FS order of S if and only if $Q_\phi \subseteq P$. Therefore from Theorem 8, it is in principle possible to obtain the fewest bit FS realization of S, if we search all possible $\langle f, g, \phi \rangle$-extensions of every assignment $\phi$ satisfying $Q_\phi \subseteq P$ and check whether they satisfy the conditions of Theorem 8. It is, however, computationally difficult to execute due to the excessive number of such possibilities. On the other hand, the search for the fewest bit positive realization appears much easier, since the number of positive orders of S is usually considerably smaller than that of FS orders. In general, however, it seems possible that there exists an S for which an FS realization requires fewer bits than any positive realization.
EXAMPLE 7. For the state assignment given in Table II and Fig. 8 the partially ordered set $\langle S, Q_\phi \rangle$ is given in Fig. 9. The partially ordered set $\langle S', Q_\phi \rangle$ and the pseudo ordered set $\langle S', P' \rangle$ are illustrated in Fig. 10 and Fig. 11. $\langle S, Q_\phi \rangle$ This gives an FS realization of the machine S, which is not a positive realization. Note that $f_1$ is negative with respect to $x_3$.
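Algorithms 1 and 2 of Section III and the positive-order condition that Theorem 7 places on a state assignment can be checked mechanically. The Python below is an added example, not code from the paper: the machine, both assignments and all function names are constructed here, and it assumes that $P_0$ is the set of pairs with $\beta(s_1) \le \beta(s_2)$ and that each pass of Algorithm 1 keeps the pairs of $A_i$ whose successor pairs under every input letter stay in $A_i$ (neither formula survives on this page).

```python
from itertools import product

def sp_closure(A, M, inputs):
    """Algorithm 1: shrink A until it has the substitution property (SP)."""
    A = set(A)
    while True:
        # Assumed recursion: keep (s1, s2) only if every successor pair is in A_i.
        nxt = {(s1, s2) for (s1, s2) in A
               if all((M[s1, x], M[s2, x]) in A for x in inputs)}
        if nxt == A:                      # A_{i+1} = A_i, so halt
            return A
        A = nxt

def fail_safe_errors(states, M, beta, inputs):
    """Algorithm 2: P is the result of Algorithm 1 started from P0."""
    # Assumed P0: state errors that are already safe on the present output.
    P0 = {(s1, s2) for s1, s2 in product(states, repeat=2)
          if beta[s1] <= beta[s2]}
    return sp_closure(P0, M, inputs)

def is_partial_order(R, states):
    """Definition 6: reflexive, anti-symmetric and transitive."""
    reflexive = all((s, s) in R for s in states)
    antisymmetric = all(a == b or (b, a) not in R for (a, b) in R)
    transitive = all((a, d) in R for (a, b) in R for (c, d) in R if b == c)
    return reflexive and antisymmetric and transitive

def induced_order(phi):
    """Definition 16: (s1, s2) is in Q_phi iff phi(s1) <= phi(s2) bit by bit."""
    return {(s1, s2) for s1, s2 in product(phi, repeat=2)
            if all(u <= v for u, v in zip(phi[s1], phi[s2]))}

def is_positive_order(Q, states, M, beta, inputs):
    """Definition 10: a partial order contained in P that has SP."""
    P = fail_safe_errors(states, M, beta, inputs)
    return (is_partial_order(Q, states) and Q <= P
            and sp_closure(Q, M, inputs) == Q)

# Constructed reduced Moore machine (not Table I of the paper).
STATES = ["a", "b", "c", "d"]
INPUTS = [0, 1]
M = {("a", 0): "a", ("a", 1): "b",
     ("b", 0): "c", ("b", 1): "d",
     ("c", 0): "c", ("c", 1): "d",
     ("d", 0): "a", ("d", 1): "d"}
BETA = {"a": 0, "b": 0, "c": 1, "d": 1}

# Constructed state assignments: only b < c is ordered in the 4-bit one.
PHI_4BIT = {"a": (1, 1, 0, 0), "b": (0, 0, 1, 0),
            "c": (0, 0, 1, 1), "d": (0, 1, 0, 1)}
PHI_2BIT = {"a": (0, 0), "b": (0, 1), "c": (1, 0), "d": (1, 1)}

if __name__ == "__main__":
    P = fail_safe_errors(STATES, M, BETA, INPUTS)
    print("P =", sorted(P))
    for name, phi in (("4-bit", PHI_4BIT), ("2-bit", PHI_2BIT)):
        Q = induced_order(phi)
        print(name, "positive:", is_positive_order(Q, STATES, M, BETA, INPUTS),
              "pairs outside P:", sorted(Q - P))
```

On this machine the starting set shrinks over three passes to the equality relation plus (b, c); the 2-bit assignment, which places 00 below every other code word, is rejected, while the 4-bit one induces exactly P.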
V. EXTENSION TO MULTIPLE INPUT MULTIPLE OUTPUT SEQUENTIAL CIRCUITS
In this section, we give a brief sketch of a construction method of fail-safe sequential circuits with multiple inputs and/or multiple outputs, which are realization of sequential machines with I 271 >/3 and/or I A I >~ 3. DEFINITION 20. Let one-to-one mappings 7:27--+ L • and 3: A --+ Lq be given (7 and 3 are binary eodings of 2," and A respectively). A BSC (with multiple inputs and multiple outputs) is a system (f, g) where f = (fa,..., fr~), fi:r~+~--,-L (i= 1,2,...,m) and g=(ga .... ,gq), g~:L'~-+L (j= 1, 2,..., q) . A BSC (f, g) realizes a machine S -----(S, 34, t3, 2:, A) under a mapping ¢: S--~L ~ and the above input and output codings, or (f, g, ¢)
is a realization of S, if ¢ is one-to-one and The output vector of S, i.e., 8(~-), ~-~ A, is denoted by y.
In this case, a BSC satisfies the fail-safe condition if for any asymmetric failures of logic components from 0 to 1, the induced failure (if any) on each output is asymmetric from 0 to 1. Now assume that the coding $\delta: A \to L^q$ satisfies $\forall \tau, \tau' \in A\ (\delta(\tau) \le \delta(\tau') \Rightarrow \tau \le \tau')$,
where $\le$ on $A$ is given prior to Definition 7. (Note that in the case of single output of Section IV, the coding $\delta$ implicitly assumed is the identity mapping $\delta: 0 \mapsto 0, 1 \mapsto 1$. Thus the above condition is obviously satisfied.) With $\delta$ satisfying this condition, any realization (f, g, $\phi$) of S subject to the fail-safe condition can be considered as a fail-safe realization of S. This is because any asymmetric failure of logic components from 0 to 1 causes the output failure $y \to y'$ for which $y \le y'$ holds, and $y \le y' \Rightarrow \delta(\tau) \le \delta(\tau') \Rightarrow \tau \le \tau'$ if $y = \delta(\tau)$ and $y' = \delta(\tau')$ for some $\tau, \tau' \in A$. Therefore, we see that the concept of the fail-safe machines with $|A| = 2$ can be directly extended to machines with $|A| \ge 3$, as far as outputs fail in such a way that $\tau' \in A$ satisfying $\delta(\tau') = y'$ exists for any resulting output $y'$. In case there exists no $\tau' \in A$ such that $\delta(\tau') = y'$, we consider that $\delta^{-1}(y') = \{\tau \in A \mid \delta(\tau) \le y' \wedge \text{no } \tau' (\ne \tau) \in A\ (\delta(\tau) \le \delta(\tau') \le y')\}$, and define $\tau_i < \delta^{-1}(y')$ if $\tau_i \in \delta^{-1}(y')$. This means that failures on outputs such as $\tau_i \to \{\tau_{j_1}, \tau_{j_2}, \ldots, \tau_{j_k}\}$, where $\tau_i \in \{\tau_{j_1}, \tau_{j_2}, \ldots, \tau_{j_k}\}$, are defined to be safe. With this definition, the concept of the fail-safe machines is consistently extended to the multiple output case.
To obtain a BSC realizing S and satisfying the fail-safe condition, theory developed in Section IV can be easily modified by replacing g by g. The detail is hence omitted.
Note that the input coding 7:27-~ L~ can be any one-to-one mapping since we do not assume the input failure.
As an example, consider the case in which $A = \{\tau_1, \tau_2, \tau_3\}$ with the partial order $\tau_1 < \tau_2$ and $\tau_1 < \tau_3$. The partially ordered set $\langle A, \le \rangle$ is illustrated in Fig. 12. The coding $\delta: A \to L^2$ may be given as shown in Fig. 13, in which $\delta(\tau_1) < \delta(\tau_2)$, $\delta(\tau_1) < \delta(\tau_3)$ and the condition of $\delta$ as mentioned above is obviously satisfied. $\delta^{-1}(1, 1)$ is considered as $\{\tau_2, \tau_3\}$ and failures such as $\tau_2 \to \{\tau_2, \tau_3\}$ and $\tau_3 \to \{\tau_2, \tau_3\}$ are considered safe. From this, we can obtain a BSC with two outputs.
FIG. 12. Partially ordered set A.
VI. CONCLUSIONS
Let n be the number of states of a given machine S. We can realize (not necessarily an FS realization) the machine S with [log(n)] + 1 bits, where [a] is the greatest integer smaller than a. For the state assignment by the half weight code, the same number of bits is asymptotically required for an FS realization of S if n is sufficiently large [7]. But for small n, we can further reduce the number of bits necessary for an FS realization. For this purpose, FS orders and positive orders are introduced and algorithms for obtaining an FS realization and a positive realization of a given machine S by a BSC with the fewest bits are developed.
Although the algorithm for a positive realization with the fewest bits works efficiently, an FS realization with the fewest bits seems difficult to find because of the excessive number of possibilities to be examined. The improvement of the latter algorithm will be one of the main subjects of future research.
