Decision Problems for Interacting Finite State Machines

Doron Drusinsky-Yoresh
Abstract-Given a system of n interacting finite state machines (FSM's) and a state configuration, the reachability problem is to examine whether this configuration is reachable within the system. We investigate the complexity of this decision problem and three of its derivatives, namely l) verifying system determinism, 2) testing for the existence of unspecified inputs to any FSM within the system, and 3) testing for the exclusiveness of two intra-FSM signals. We prove that these problems are all PSPACE-complete. We show the effect of these problems on the state assignment process for concurrent systems of interacting FSM's.
I. INTRODUCTION
Logic synthesis of sequential finite state machines (FSM's) is a well-developed field of knowledge. There is a massive body of research in this area, originating in the fundamental research of Steams and Hartmanis [7] , [8]. See, for example, [ l ] and [6] .
In this paper we examine logic synthesis of concurrent FSM's. It is our belief that concurrent FSM's will be increasingly used in the future, as exemplified by the following three scenarios:
Consider a real-time control system; here, the real-time constraints impose hardware concurrency of several, perhaps Manuscript received October 5, 1989; revised April 5, 1990, and August 7, 1990 . This paper was recommended by Associate Editor R. K. Brayton.
A preliminary version of this paper was presented at the IFIP Workshop on Applied Formal Methods for Correct VLSI Design (1989) and the Synthesis and Simulation Meeting and International Interchange (1989) .
The author was with the LSI-Logic Development Department, Sony Corporation, Atsugi-shi, Kanagawa-ken 243, Japan. He is now with SSL, Sony, 61 1-B River Oaks Parkway, San Jose, CA 94087.
IEEE Log Number 9100303.
communicating, sequential controllers where, typically, each controller is modeled as an FSM. Consider a design task which is divided between design groups, where each group designs a designated subsystem. When several such subsystems are individually controlled by a finite state mechanism, the whole system is conceptually controlled by a system of communicating concurrent FSM's. Finally, consider the process of silicon compilation of a behavioral hardware description language (HDL). Conventionally, such a compilation output is an FSM for a control mechanism that generates the sequencing instructions for the controlled data path. Naturally, with the advent of higher level HDL's (e.g., VHDL), and for increasingly sophisticated designs, the controlled data path might be inherently concurrent and hierarchical, requiring a network of concurrent FSM's to control it efficiently. Also, it seems quite natural to expect a concurrent behavioral description to be implemented by many controlling FSM's, perhaps one for each sequential process in the high level specification.
Hence, it is important to examine existing, predominantly sequential logic synthesis methodologies in the concurrent realm. To date, this has not been thoroughly done.
In this paper we reexamine the well-known state assignment methodology in this context. In Section 11, we examine three implicit assumptions made by conventional state assignment tools and review them in the light of concurrency. We describe appropriate decision problems and analyze their complexity in Section 111. 1) Determinism (DET): the FSM is assumed to be deterministic; i.e., for every state and every input there is at most one next state. This assumption enables the state assignment program to implement an n-state FSM with as few as log n state variables.
MOTIVATION: STATE ASSIGNMENTS
2) Unspecified input (UT): if at some state there is an input configuration that causes no next state (it triggers no transition; e.g., (a, 0) = (T, F ) in state s3 of Fig. l(a) ), then it is assumed to be an "impossible" input for this state. In other words, it is assumed to be the designer's responsibility to verify that such an incident does not occur. This enables the state assignment program to exploit the free space for optimization; hence, the PLA of Fig pected environment. However, when one wants to economize on the communication area consumed by a network of communicating FSM's, it is tempting to find out which communication signals are timewise exclusive.
In the single-FSM case, the nontrivial assumptions are DET and UI. Verifying DET, namely, verifying that an FSM is deterministic, is easy [9] . UI, on the other hand, is not as easy. In fact, U1 is NP-complete in the number of input wires to the FSM, because it is actually the problem of testing whether there is an input assignment such that all transitions that are outgoing from a given state are disabled. This condition can be formulated as finding a truth assignment for a disjunctive normal form (DNF) formula such that the formula evaluates to false or as the famous CNF satisfiability problem [9] . Nevertheless, heuristics are expected to solve NP-complete problems to a certain degree. Now, consider the network of Fig. 2 . Here, three synchronous FSM's communicate by sending and receiving two binary symbols, a and 0. Semantics for such a network are available in the next section. As in the single-FSM case, a typical state assignment program, when applied to each FSM separately, tries to minimize the size of the implementation and assumes this input FSM to be deterministic. FSM C, however, is not deterministic in its own right. Viewed as an independent FSM, it must certainly consider the possibility that sometime a and 0 might be received simultaneously, which induces nondeterministic behavior. NOVA simply aborts; a different state assignment program might choose a 1-hot implementation or some other implementation that enables nondeterminism [12] . In any event, the basic flaw here is that the system of Fig. 2 will never produce Q = = T and 0 = = T simultaneously, thus ensuring a deterministic behavior of C, and of the whole system for that matter. Note that when each FSM is deterministic the whole system is also deterministic, but not visa versa. For example, in Fig. 2 FSM C is not deterministic when considered separately, but the whole network is.
To understand U1 in a concurrent environment, consider a variant of the network of Fig. 2 where FSM C is substituted by FSM Hence it is clear that for a system of interacting FSM's, these three implicit assumptions often need better verification. For example, a designer might indeed try to design such a system so that DET holds, i.e., so that the system is deterministic. But, as expected for a complex design, he would like to verify that indeed his design is deterministic, i.e., he needs to verify DET. Similarly, a designer might try to time multiplex two exclusive intra-FSM signals on one electrical line. He too is expected to verify his design in this respect, i.e., he needs to verify 100. In the following section, we define the appropriate decision problems, and prove them all to be PSPACE-complete.
We believe these results have the following effect on logic synthesis. Given a system of n communicating FSM's, a naive synthesis approach is to separately synthesize each FSM, and then combine the resulting implementations into a physical network. Our results show that, given existing tools, which typically assume one of the three assumptions discussed earlier, such an approach is not necessarily correct.
RELATED THEORY'
We use the conventional notation. An FSM is a 6-tuple M = (yo, X , Y , Z, 6, A), where X , Y , and Z are finite sets of primary inputs, states, and primary outputs, respectively; 6: X X Y + Y is the next state function; and A: X X Y + Z is the output function. X and Z typically consist of multiple "channels"; thus X = XI X . . . x X , and Z = ZI x x Z,,,, where Z, and Xi are sets of input and output symbols, respectively. Hence FSM inputs and outputs are tuples of symbols. We consider a network of r interacting FSM's, M I , . . . , M'. FSM's communicate by exchanging inputs and outputs with other FSM's without any restriction. Hence a symbol Q can be sent on channel i of FSM M k (i.e., cy E Z f ) and received on channel j of FSM M' (i.e., Q E Xj). Our model is completely synchronous, so Q will be a valid input for M' in the cycle that follows the transmission. Given a sequence of external input symbols (i.e., symbols that originate in the environment), each FSM cames out a computation (run) in a conventional way, considering its inputs as the external inputs together with the inputs received from other FSM's. A newtork configuration { q l , * * ,
Given a network and an initial state configuration, the reachability problem is to define whether the configuration is reachable from the initial state configuration. We shall first investigate the complexity of this general problem, and then show how DET, UI, and IO0 are derived.
Proposition I :
The reachability problem is PSPACE-complete in r, the number of FSM's.
Pro08 First we show that the problem is solvable in PSPACE. We construct a nondeterministic polynomial space algorithm for the problem and then use a theorem by Savitch [l 11 that proves such an algorithm to be in PSPACE too. The nondeterministic algorithm iteratively guesses next states in all FSM's and verifies that these next states indeed compose a legal next-state configuration.
It does so until the desired next-state configuration is reached. Verifying that a configuration is a legal next-state configuration is done by recording the outputs generated by every FSM M i , guessing an external input, and verifying that all FSM's can indeed advance to their desired next state upon the reception of their composite inputs. This process is also done nondeterministically, and consequently in PSPACE. This entire process is camed out in polynomial space.
We prove that the problem is PSPACE-complete using a reduction from the finite automata intersection problem (INT) [ 101. Let F I , . , F, be r deterministic finite state automata (i.e., acceptors) with a common input alphabet E such that Li is the set accepted by Pi. The problem INT is to determine whether the automata accept a common element of E*. We reduce INT to the reachability problem as follows. First we modify the automata Fi so that they produce an output 1 within every accepting state, and 0 otherwise. We denote the new FSM's as Mi. Clearly a word x is accepted iff every FSM M i produces an output sequence that ends with a 1. Now we add communication to the system; each FSM sends its outputs (0 or 1) to all other FSM's. Also, we add a special state S to each consists of the special states of all FSM's is reachable iff there is a word x that belongs to all L, in the original INT problem.
Q.E.D.
Given a network of communicating FSM's as defined above, the determinism problem (DET) is to find whether the system has a sequence of external inputs for which the system run is not unique. The following proposition and proof show that this problem is very similar in essence to the reachability problem.
Proposition 2: DET is PSPACE-complete in r, the number of FSM's.
Sketch of Proof: Solving DET in PSPACE is done with a nondeterministic algorithm that guesses a nondeterministic configuration, generally following the footsteps of the algorithm of Proposition 1 .
The reduction is very similar to that used in Proposition 1. Given an instance of the INT, we modify the automata F, to be FSM's M', as in Proposition 1. Also, we add two contradicting transitions from the special state configuration, namely, we add two different next-state configurations over the same external input. Clearly there is a sequence of external inputs for which the system has two different runs (those that reach the special state configuration and then split) iff there is a word x that belongs to all L, in the original INT problem.
A naive algorithm for DET would be to test each FSM individually for nondeterminism and to conclude that the system is deterministic iff all FSM's are. Such a local test is only partially correct.
Indeed, if all FSM's are deterministic then so is the system, but it might be the case that some FSM's seem to be nondeterministic while the system is deterministic. Consider Fig. 2 . FSM C is nondeterministic whereas the system as a whole is deterministic because Q and 0 are never received simultaneously.
Given a network of communicating FSM's as defined above, the unspecified reception (UI) problem is to find whether there exists an (external) input sequence for which the run is not precisely defined; namely, somewhere within the run the system will not have a next-state configuration. As discussed in Section 11, for a single FSM with k input channels this problem is NP-complete in k . However, when the system consists of more than a single FSM, the problem is more difficult.
Proposition 3: U1 is PSPACE-complete in r, the number of FSM's.
Sketch of Proof:
Solving U1 in PSPACE is done with a nondeterministic algorithm that guesses a configuration with unspecified transitions and then verifies this property.
A reduction from the reachability problem or from INT follows the techniques presented earlier, where a special configuration s is created such that s has no next-state configuration. As before, there is a reachable configuration with unspecified receptions iff INT is positively solved.
Given a network of communicating FSM's as defined above, an FSM within the network, and two inputs to this FSM, the I/O code assignment (100) problem is to check whether the system has a sequence of external inputs such that the two inputs here are received simultaneously by the FSM during its run on the input sequence. Consider Fig. 2 ; where a and 0 are exclusive, which is in fact the reason for the network being deterministic. This is true although they are transmitted on different physical lines. In fact FSM C needs only one input channel for a and 0, where Q E 10. 
ACKNOWLEDGMENT
The author wishes to thank T. Inoue, T. Nakamura, Y. Furui, and T. Sato for their assistance in this research and the participants of the SASHIMI-89 and IFIP workshops for their helpful comments.
I. INTRODUCTION
It is often necessary to solve the convection-diffusion equation in such fields as aerodynamics, fluid dynamics, and microelectronics. If the convection term dominates the diffusion term, numerical oscillation can result when the classical finite element method or the central finite difference method is used. To control the nonphysical oscillation in the solution, Scharfetter and Gummel proposed a discretization method for the one-dimensional current continuity equation in 1969 (usually referred to as the S-G method)
[ 11. This method was later extended to two-and three-dimensional problems (e.g., MINIMOS [2]). However, the S-G discretization method has a loss of accuracy in the streamline-normal direction which can be avoided without sacrificing stability. Usually, the loss of accuracy or numerical dissipation that appears in the streamlinenormal direction is referred to as a crosswind effect. By adding a linear artificial diffusivity to the Galerkin formula in a weighted residual form, Sharma applied the SUPG (streamline upwind/ Petrov-Galerkin) method to semiconductor device simulation to eliminate both numerical oscillation and crosswind effects [3] . Unfortunately, the linear artificial diffusivity is not optimal in most cases and is not applicable to complex current continuity equations other than the drift-diffusion model, e.g., the current continuity equation containing a magnetic field. In this paper, by adding a nonlinear artificial diffusion tensor instead of a linear artificial diffusivity in the streamline direction which satisfies the weighted residual formulation, we derive a generalized S-G method to achieve good stability and accuracy properties simultaneously.
DISCRETIZATION METHODS OF CURRENT CONTINUITY EQUATION
A. A Generalized Expression of the S-G Method
The electron current continuity equation for semiconductor de-
vices can be written as
where R is the net recombination rate and the electron current density, I,, can be described by a drift-diffusion model: d,, = qp,nE i -qD,,Vn.
(2)
Here pn i s the electron mobility, D , is the electron diffusion coefficient, E is the electric field, and q is the elementary charge. Introducing a function Q and setting QV . ( p n n E ) -V Q . D,Vn = 0
we can transform the current continuity equation (1) into the following form:
V (QD,Vn) = RQ.
(4)
There is no convection term in (4). Because of this, we can use the classical Galerkin finite element method in the discretization of (4) without producing any numerical oscillation. Assuming that the whole domain ofJhe solution is divided into many elements and that p,, D,, and E are constant in any element, from (3) we can 0278-0070/91$01.00 0 1991 IEEE
