A framework for compositional nonblocking verification of extended finite-state machines

Abstract

This paper presents a framework for compositional nonblocking verification of discrete event systems modelled as extended finite-state machines (EFSM). Previous results are improved to consider general conflict-equivalence based abstractions of EFSMs communicating both via shared variables and events. Performance issues resulting from the conversion of EFSM systems to finite-state machine systems are avoided by operating directly on EFSMs, deferring the unfolding of variables into state machines as long as possible. Several additional methods to abstract EFSMs and remove events are also presented. The proposed algorithm has been implemented in the discrete event systems tool Supremica, and the paper presents experimental results for several large EFSM models that can be verified faster than by previously used methods.

Appendix: A Normalisation

This appendix contains the proofs of the propositions concerning normalisation presented in Section 4. First Proposition 1 confirms that EFSMs obtained by normalised synchronous composition in Definition 14 and by standard synchronous composition in Definition 9 produce identical flattened FSMs. Next, Proposition 2 confirms that the structure of an EFSM system is preserved after normalisation of individual components. Finally, Proposition 3 confirms that the normalised system is identical to the original system.

Proposition 1

Let \(\mathcal {E}\) be a normalised EFSM system. Then \(U(||\mathcal {E}) = U(\dot {\|}\mathcal {E})\).

Proof

It follows from Definitions 9, 10, and 14 that \(U(||\mathcal {E})\) and \(U(\dot {\|}\mathcal {E})\) have the same event and state sets, including initial and marked states. It remains to be shown that they also have the same transitions.

To show this, write \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\), and \({\Sigma }_{i} = {\Sigma }_{E_{i}}\) and \({\Delta }_{i} = {\Delta }_{E_{i}}\) for 1 ≤ i ≤ n.

First let \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(||\mathcal {E})\). By Definition 10 this means \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots ,y_{n})\) in \(||\mathcal {E}\) such that \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\), where \(p \equiv \bigwedge _{i:\sigma \in {\Sigma }_{i}} {\Delta }_{\mathcal {E}}(\sigma )\) by Definition 9 and by the fact that \(\mathcal {E}\) is normalised. Consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i . If σ ∈ Σ _i , then \(x_{i} {~}^{\underrightarrow {\sigma :{\Delta }_{\mathcal {E}}(\sigma )}} y_{i}\) in E _i . If σ ∉ Σ _i , then x _i = y _i . Then \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} (y_{1}, \ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) by Definition 14, and as \({\Xi }_{V}(\bigwedge _{i:\sigma \in {\Sigma }_{i}} {\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = {\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\), it holds that \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\). Thus, \((x_{1}, \ldots , x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1}, \ldots , y_{n},\hat {w})\) in \(U(\dot {\|}\mathcal {E})\) by Definition 10.

Conversely, assume \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\dot {\|}\mathcal {E})\). By Definition 10 this means \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots ,y_{n})\) in \(\dot {\|}\mathcal {E}\) such that \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\). Consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i . If σ ∈ Σ _i , then by Definition 14 it follows that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i . If σ ∉ Σ _i , then x _i = y _i . By Definition 9, it follows that \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\,\,\sigma :\bigwedge _{i:\sigma \in {\Sigma }_{i}} p\,\,}} (y_{1}, \ldots , y_{n})\) in \(||\mathcal {E}\), and as \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\), it follows that \({\Xi }_{V}(\bigwedge _{i:\sigma \in {\Sigma }_{i}} p) (\hat {v},\hat {w}) = \mathbf {T}\). Thus, \((x_{1}, \ldots , x_{n},\hat {v}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, \ldots , y_{n},\hat {w})\) in \(U(||\mathcal {E})\) by Definition 10. □

Proposition 2

Let \(\mathcal {E}\) and \(\mathcal {F}\) be EFSM systems, and let \(\rho : {\Sigma }_{\mathcal {F}} \to {\Sigma }_{\mathcal {E}}\) be a renaming, such that \(\mathcal {E}=\{E_{1}, E_{2},\ldots , E_{n}\}\) and \(\mathcal {F} = \{F_{1}\, \rho ^{-1}(E_{2}),\ldots , \rho ^{-1}(E_{n})\}\) and ρ(F ₁ ) = E ₁ . Then \(\rho (||\mathcal {F}) = ||\mathcal {E}\).

Proof

Let

$$\begin{array}{@{}rcl@{}} E = ||\mathcal{E} &=& E_{1} || {\cdots} || E_{n} ; \end{array} $$

(24)

$$\begin{array}{@{}rcl@{}} F = ||\mathcal{F} &=& F_{1} || F_{2} || {\cdots} || F_{n} = F_{1} || \rho^{-1}(E_{2}) || {\cdots} || \rho^{-1}(E_{n}) \ . \end{array} $$

(25)

Clearly \({\Sigma }_{E} = {\Sigma }_{\mathcal {E}} = \rho ({\Sigma }_{\mathcal {F}}) = \rho ({\Sigma }_{F})\), and from ρ(F ₁) = E ₁ it follows that E and ρ(F) have the same state sets, including initial and marked states. It remains to be shown that E and ρ(F) have the same transitions.

First assume \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, y_{2}, \ldots , y_{n})\) in E = E ₁||⋯||E _n . By Definition 9 it holds that \(p = \bigwedge _{i:\sigma \in {\Sigma }_{E_{i}}} p_{i}\) where \(x_{i} {~}^{\underrightarrow {\,\,\sigma :p_{i}\,\,}} y_{i}\) in E _i whenever \(\sigma \in {\Sigma }_{E_{i}}\). Consider two cases.

• If \(\sigma \in {\Sigma }_{E_{1}}\) then \(x_{1} \overset {\sigma :p_{1}}{\to } y_{1}\) in E ₁. Since ρ(F ₁) = E ₁, there exists \(\mu \in {\Sigma }_{F_{1}}\) such that ρ(μ) = σ and \(x_{1} {~}^{\underrightarrow {\,\,\mu :p_{1}\,\,}} y_{1}\) in F ₁. Now consider two cases for each 2 ≤ i ≤ n: either \(\sigma \in {\Sigma }_{E_{i}}\) or \(\sigma \notin {\Sigma }_{E_{i}}\). If \(\sigma \in {\Sigma }_{E_{i}}\) then \(x_{i} {~}^{\underrightarrow {\,\,\sigma :p_{i}\,\,}} y_{i}\) in E _i , and since ρ(μ) = σ it holds by Definition 16 that \(x_{i} {~}^{\underrightarrow {\,\,\mu :p_{i}\,\,}} y_{i}\) in ρ ⁻¹(E _i ). If \(\sigma \notin {\Sigma }_{E_{i}}\) then \(\mu \notin \rho ^{-1}({\Sigma }_{E_{i}}) = {\Sigma }_{\rho ^{-1}(E_{i})}\) and x _i = y _i . Combining the above observations for all i, it follows by Definition 9 that \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\mu :p\,\,}}(y_{1}, y_{2},\ldots , y_{n})\) in F, which implies \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, y_{2},\ldots , y_{n})\) in ρ(F).

• If \(\sigma \notin {\Sigma }_{E_{1}}\) then x ₁ = y ₁. As ρ is surjective by Definition 15, there exists \(\mu \in {\Sigma }_{\mathcal {F}}\) such that ρ(μ) = σ. Then since \(\rho ({\Sigma }_{F_{1}}) = {\Sigma }_{E_{1}}\), it holds that \(\mu \notin {\Sigma }_{F_{1}}\). Now consider two cases for each 2 ≤ i ≤ n: either \(\sigma \in {\Sigma }_{E_{i}}\) or \(\sigma \notin {\Sigma }_{E_{i}}\). If \(\sigma \in {\Sigma }_{E_{i}}\) then \(x_{i} {~}^{\underrightarrow {\,\,\sigma :p_{i}\,\,}} y_{i}\) in E _i , and since ρ(μ) = σ it holds by Definition 16 that \(x_{i} {~}^{\underrightarrow {\,\,\mu :p_{i}\,\,}} y_{i}\) in ρ ⁻¹(E _i ). If \(\sigma \notin {\Sigma }_{E_{i}}\) then \(\mu \notin \rho ^{-1}({\Sigma }_{E_{i}}) = {\Sigma }_{\rho ^{-1}(E_{i})}\) and x _i = y _i . Combining the above observations for all i, it follows by Definition 9 that \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\mu :p\,\,}}(y_{1}, y_{2},\ldots , y_{n})\) in F, which implies \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, y_{2},\ldots , y_{n})\) in ρ(F).

Conversely assume \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, y_{2},\ldots , y_{n})\) in ρ(F). Then there exists \(\mu \in {\Sigma }_{\mathcal {F}}\) such that ρ(μ) = σ and \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\mu :p\,\,}} (y_{1}, y_{2},\ldots , y_{n})\) in F. By Definition 9 it holds that \(p \equiv \bigwedge _{i:\mu \in {\Sigma }_{F_{i}}} p_{i}\) where \(x_{i} {~}^{\underrightarrow {\,\,\mu :p_{i}\,\,}} y_{i}\) in F _i whenever \(\mu \in {\Sigma }_{F_{i}}\). Consider two cases for E ₁:

• If \(\mu \in {\Sigma }_{F_{1}}\) then \(x_{1} {~}^{\underrightarrow {\,\,\mu :p_{1}\,\,}} y_{1}\) in F ₁. Since ρ(μ) = σ, it follows that \(x_{1} \overset {\sigma :p_{1}}{\to } y_{1}\) in ρ(F ₁) = E ₁.

• If \(\mu \notin {\Sigma }_{F_{1}}\) then \(\sigma = \rho (\mu ) \notin \rho ({\Sigma }_{F_{1}}) = {\Sigma }_{E_{1}}\) and x ₁ = y ₁.

Now consider two cases for each 2 ≤ i ≤ n:

• If \(\sigma \in {\Sigma }_{E_{i}}\) then \(\mu \in \rho ^{-1}({\Sigma }_{E_{i}}) = {\Sigma }_{F_{i}}\) and therefore \(x_{i} {~}^{\underrightarrow {\,\,\mu :p_{i}\,\,}} y_{i}\) in F _i = ρ ⁻¹(E _i ). Since ρ(μ) = σ, it holds by Definition 16 that \(x_{i} {~}^{\underrightarrow {\,\,\sigma :p_{i}\,\,}} y_{i}\) in E _i .

• If \(\sigma \notin {\Sigma }_{E_{i}}\) then \(\mu \notin \rho ^{-1}({\Sigma }_{E_{i}}) = {\Sigma }_{F_{i}}\) and x _i = y _i .

Combining the above observations for 1 ≤ i ≤ n, it follows by Definition 9 that \((x_{1}, x_{2},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, y_{2},\ldots , y_{n})\) in E ₁||⋯||E _n = E. □

Proposition 3

Let \(\mathcal {E}\) be an EFSM system such that each \(E \in \mathcal {E}\) is normalised. Then \(||\mathcal {E} = \dot {\|}\mathcal {N}(\mathcal {E})\).

Proof

It follows from Definitions 9, 14, and 17 that \(||\mathcal {E}\) and \(\dot {\|}\mathcal {N}(\mathcal {E})\) have the same event and state sets, including initial and marked states. It remains to be shown that they also have the same transitions.

To show this, write \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\), and \({\Sigma }_{i} = {\Sigma }_{E_{i}}\) and \({\Delta }_{i} = {\Delta }_{E_{i}}\) for 1 ≤ i ≤ n.

First assume \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}}(y_{1}, \ldots , y_{n})\) in \(||\mathcal {E}\). Then by Definitions 9 and 17, it holds that \(p \equiv \bigwedge _{i:\sigma \in {\Sigma }_{i}} {\Delta }_{i}(\sigma ) \equiv {\Delta }_{\mathcal {N}(\mathcal {E})}(\sigma )\). Consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i . If σ ∈ Σ _i , then \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{i}(\sigma )\,\,}} y_{i}\) in E _i , and since E _i and \(\mathcal {N}(E_{i})\) by Definition 17 have the same alphabet, it holds that \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {N}(\mathcal {E})}(\sigma )\,\,}} y_{i}\) in \(\mathcal {N}(E_{i})\). If σ ∉ Σ _i , then σ is not in the alphabet of \(\mathcal {N}(E_{i})\) and x _i = y _i . Then \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {N}(\mathcal {E})}(\sigma )\,\,}} (y_{1}, \ldots , y_{n})\) in \(\dot {\|}\mathcal {N}(\mathcal {E})\) by Definition 14, and as \({\Delta }_{\mathcal {N}(\mathcal {E})}(\sigma ) \equiv p\), it holds that \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, \ldots , y_{n})\) in \(\dot {\|}\mathcal {N}(\mathcal {E})\).

Conversely, assume \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, \ldots , y_{n})\) in \(\dot {\|}\mathcal {N}(\mathcal {E})\) where \(p \equiv {\Delta }_{\mathcal {N}(\mathcal {E})}(\sigma ) \equiv \bigwedge _{i:\sigma \in {\Sigma }_{i}} {\Delta }_{i}(\sigma )\). Consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i . If σ ∈ Σ _i , then by Definition 14 it follows that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in \(\mathcal {N}(E_{i})\), and since E _i and \(\mathcal {N}(E_{i})\) have the same alphabet, it holds that \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{i}(\sigma )\,\,}} y_{i}\) in E _i . If σ ∉ Σ _i , then σ is not in the alphabet of E _i and x _i = y _i . By Definition 14, it follows that \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\,\,\sigma :\bigwedge _{i:\sigma \in {\Sigma }_{i}} {\Delta }_{i}(\sigma )\,\,}} (y_{1}, \ldots , y_{n})\) in \(||\mathcal {E}\), and as \(\bigwedge _{i:\sigma \in {\Sigma }_{i}} {\Delta }_{i}(\sigma ) \equiv p\), it holds that \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, \ldots , y_{n})\) in \(||\mathcal {E}\). □

1.1 B EFSM-based compositional verification

This appendix contains the proofs of the results concerning abstraction methods presented in Section 5. Each of the following subsections contains the proofs for the propositions in the corresponding subsection of Section 5.

1.2 B.1 FSM-based conflict equivalence abstraction

This section contains the proof of Proposition 5 in Section 5.1, which states that the nonblocking property of an EFSM system is preserved when the FSM form of a single component is simplified subject to conflict equivalence of FSMs. This proof requires modular reasoning about the unfolded EFSM system to exploit the conflict equivalence of FSM forms.

This reasoning is facilitated using an alternative way to unfold an EFSM system, called modular unfolding, where the variables are unfolded to a single variable FSM while the EFSMs are only replaced by their FSM forms.

Definition 27

Let \(\mathcal {E}\) be a normalised EFSM system with variable set \(V = \text {vars}(\mathcal {E})\). The variable FSM for \(\mathcal {E}\) is \(V_{\mathcal {E}} = \langle {\Sigma }_{\mathcal {E}}, \text {dom}(V), \to _{V}, \{v\circ \}, \text {dom}(V) \rangle \) where \(\hat {v} \overset {\sigma }{\rightarrow }_{V} \hat {w}\) if \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\).

Definition 28

Let \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\) be a normalised EFSM system. The modular unfolding of \(\mathcal {E}\) is

$$ \varphi(E_{1}) ||\cdots|| \varphi(E_{n}) || V_{\mathcal{E}} \ . $$

(26)

The variable FSM \(V_{\mathcal {E}}\) has all possible valuations of the variables of \(\mathcal {E}\) as its states and in its transitions encodes all the constraints imposed by the updates. This makes it possible to replace each EFSM E _i by its FSM form φ(E _i ) according to Definition 19, resulting in the system (26) of FSMs that interact in standard FSM synchronous composition (Definition 2). The following Lemma 13 shows that this modular unfolding is isomorphic to the EFSM system unfolding \(U(\mathcal {E})\). Then the modular unfolding can be used to decompose an EFSM system into FSMs and prove Proposition 5.

Lemma 13

Let \(\mathcal {E}=\{E_{1},\ldots , E_{n}\}\) be a normalised EFSM system. Then \(U(\mathcal {E}) = \varphi (E_{1})|| \cdots || \varphi (E_{n})|| V_{\mathcal {E}}\).

Proof

Let \(\mathcal {E} = \{E_{1}, \ldots , E_{n}\}\) with \(E_{i}=\langle {\Sigma }_{i},Q_{i},\to _{i},Q^{\circ }_{\omega },Q^{\omega }_{i}\rangle \), let \(E = U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) by Proposition 1, and let \(F = \varphi (E_{1})|| \cdots || \varphi (E_{n})|| V_{\mathcal {E}}\). Since E _i and φ(E _i ) have the same alphabet Σ _i , it follows that φ(E ₁)||⋯||φ(E _n ) and \(\mathcal {E}\) also have the same alphabet \({\Sigma }_{\mathcal {E}} = \bigcup _{i=1}^{n} {\Sigma }_{i}\). The alphabet of \(V_{\mathcal {E}}\) also is \({\Sigma }_{\mathcal {E}}\), which implies that \({\Sigma }_{E}={\Sigma }_{\mathcal {E}}={\Sigma }_{F}\). Moreover, by Definition 27 it holds that Q _E = Q ₁ × … × Q _n × dom(V) = Q _F , \(Q\circ _{E}=Q\circ _{1}\times \ldots \times Q\circ _{n}\times \{\hat {v}\circ \}=Q\circ _{F}\), and \(Q^{\omega }_{E}=Q^{\omega }_{1}\times \ldots \times Q^{\omega }_{n}\times \text {dom}(V) = Q^{\omega }_{F}\). It is left to show that → _E = → _F .

First let \((x_{1}, \ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1}, \ldots , y_{n}, \hat {w})\) in \(E = U(\dot {\|}\mathcal {E})\). This means by Definition 10 that \((x_{1}, \ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1}, \ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) where \(p \equiv {\Delta }_{\mathcal {E}}(\sigma )\) and \({\Xi }_{V}(p)(\hat {v}, \hat {w}) = \mathbf {T}\). The latter means by Definition 27 that \(\hat {v} \overset {\sigma }{\rightarrow }_{V} \hat {w}\) in \(V_{\mathcal {E}}\). Now consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i . If σ ∈ Σ _i , it follows by Definition 14 that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i , which implies \(x_{i}{~}^{\underrightarrow {\,\,\sigma \,\,}}y_{i}\) in φ(E _i ). If σ ∉ Σ _i then x _i = y _i . Thus, \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(\varphi (E_{1})|| \cdots || \varphi (E_{n}) || V_{\mathcal {E}} = F\).

Conversely, let \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(F = \varphi (E_{1}) ||\cdots || \varphi (E_{n}) || V_{\mathcal {E}}\). This means \((x_{1},\ldots ,x_{n}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n})\) in φ(E ₁)||…||φ(E _n ) and \(\hat {v} \overset {\sigma }{\rightarrow } \hat {w}\) in \(V_{\mathcal {E}}\). Consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i . If σ ∈ Σ _i then by Definition 2 it follows that \(x_{i}\overset {\sigma }{\rightarrow }y_{i}\) in φ(E _i ). Then by Definition 19 it holds that \(x_{i}{~}^{\underrightarrow {\,\,\sigma :p\,\,}}y_{i}\) in E _i , where \(p \equiv {\Delta }_{E_{i}}(\sigma ) \equiv {\Delta }_{\mathcal {E}}(\sigma )\) as \(\mathcal {E}\) is normalised. If σ ∉ Σ _i then x _i = y _i . Thus, \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}}(y_{1},\ldots ,y_{n})\) in \(\dot {\|}\mathcal {E}\) by Definition 14. Furthermore, as \(\hat {v} \overset {\sigma }{\rightarrow } \hat {w}\) in \(V_{\mathcal {E}}\), it holds by Definition 27 that \({\Xi }_{V}(p)(\hat {v},\hat {w}) = {\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\). It follows by Definition 10 that \((x_{1},\ldots ,x_{n},\hat {v})\overset {\sigma }{\rightarrow }(y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\dot {\|}\mathcal {E}) = E\). □

Proposition 5

Let \(\mathcal {E}=\{E_{1}, E_{2},\ldots , E_{n}\}\) be a normalised EFSM system and let Υ ⊆ Σ ₁ such that (Σ ₂ ∪ ⋯ ∪ Σ _n ) ∩ Υ=∅ and \({\Delta }_{\mathcal {E}}(\sigma ) \equiv \textit {true}\) for all σ ∈ Υ. Let \(\mathcal {F}=\{F_{1}, E_{2},\ldots , E_{n}\}\) be a normalised EFSM system such that φ(E ₁ )∖Υ ≃ _conf φ(F ₁ )∖Υ. Then \(\mathcal {E}\) is nonblocking if and only if \(\mathcal {F}\) is nonblocking.

Proof

Let

$$ \varphi(E_{1}) \setminus {\Upsilon}\simeq_{conf} \varphi(F_{1}) \setminus {\Upsilon}\ . $$

(27)

Because of symmetry it is enough to show that, if \(\mathcal {E}\) is nonblocking then \(\mathcal {F}\) is nonblocking. Therefore assume that \(\mathcal {E}\) is nonblocking, which means that \(U(\mathcal {E})\) is nonblocking. By Lemma 13,

$$ U(\mathcal{E}) = \varphi(E_{1}) || {\cdots} ||\varphi(E_{n}) || V_{\mathcal{E}} $$

(28)

is nonblocking. As \({\Delta }_{\mathcal {E}}(\upsilon ) \equiv \textit {true}\) for all υ ∈ Υ, it holds by Definition 27 that \(\hat {v} {~}^{\underrightarrow {\,\,\upsilon \,\,}} \hat {v}\) in \(V_{\mathcal {E}}\) for all \(\hat {v} \in \text {dom}(\text {vars}(\mathcal {E}))\) and all υ ∈ Υ, and these events appear on no other transitions in \(V_{\mathcal {E}}\). These events are pure selfloop events in \(V_{\mathcal {E}}\) and can be removed (Wonham), i.e.,

$$ U(\mathcal{E}) = \varphi(E_{1}) || {\cdots} ||\varphi(E_{n}) || V_{\mathcal{E}} = \varphi(E_{1}) || {\cdots} ||\varphi(E_{n}) || {V_{\mathcal{E}}}_{|{\Omega}} $$

(29)

is nonblocking, where \({\Omega } = {\Sigma }_{\mathcal {E}} \setminus {\Upsilon }\). Now consider \(T=\varphi (E_{2})||\ldots || \varphi (E_{n})|| {V_{\mathcal {E}}}_{|{\Omega }}\). Then it follows from (Σ₂ ∪ ⋯ ∪ Σ _n ) ∩ Υ = ∅ and Ω ∩ Υ = ∅ that

$$ (\varphi(E_{1}) \setminus {\Upsilon}) || \varphi(E_{2})||\ldots|| \varphi(E_{n}) || {V_{\mathcal{E}}}_{|{\Omega}} $$

(30)

is nonblocking. Note that \(V_{\mathcal {E}} = V_{\mathcal {F}}\). Since φ(E ₁)∖Υ and φ(F ₁)∖Υ are conflict equivalent (27), it follows that

$$ (\varphi(F_{1}) \setminus {\Upsilon}) || \varphi(E_{2})||\ldots|| \varphi(E_{n}) || {V_{\mathcal{F}}}_{|{\Omega}} $$

(31)

is nonblocking. Again since (Σ₂ ∪ ⋯ ∪ Σ _n ) ∩ Υ = ∅ and Ω ∩ Υ = ∅ and the events in Υ are pure selfloops in \(V_{\mathcal {E}} = V_{\mathcal {F}}\), it follows that

$$ \varphi(F_{1})|| \varphi(E_{2})||\ldots|| \varphi(E_{n})|| {V_{\mathcal{F}}}_{|{\Omega}} = \varphi(F_{1})|| \varphi(E_{2})||\ldots|| \varphi(E_{n})|| V_{\mathcal{F}} = U(\mathcal{F}) $$

(32)

is nonblocking, i.e., \(\mathcal {F}\) is nonblocking. □

1.3 B.2 Partial composition

This section proves that the synchronous composition of two components in an EFSM system preserves the nonblocking property of the system as stated in Proposition 6 in Section 5.2. In this proof, it is shown that the results of unfolding before and after partial synchronous composition are not only equivalent but identical.

Proposition 6

(Partial Composition) Let \(\mathcal {E} = \{E_{1}, \ldots , E_{n}\}\) be an EFSM system, and let \(\mathcal {F} = \{E_{1} \dot {\|} E_{2}, E_{3}, \ldots , E_{n}\}\) . Then \(\dot {\|}\mathcal {E}=\dot {\|}\mathcal {F}\).

Proof

It follows from Definition 14 that \(\dot {\|}\mathcal {E}\) and \(\dot {\|}\mathcal {F}\) have the same event and state sets, including initial and marked states. It remains to be shown that they also have the same transitions. Throughout the proof, let \({\Sigma }_{i} = {\Sigma }_{E_{i}}\) for 1 ≤ i ≤ n.

First, let

$$ (x_{1},\ldots,x_{n}) {~}^{\underrightarrow{\;\;\sigma:p\;\;}} (y_{1},\ldots,y_{n}) $$

(33)

in \(\dot {\|}\mathcal {E}\). By Definition 14, this means for each 1 ≤ i ≤ n that either σ ∈ Σ _i and \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) or σ ∉ Σ _i and x _i = y _i . Consider four cases for E ₁ and E ₂.

• If σ ∈ Σ₁ ∩ Σ₂, then \(x_{1}{~}^{\underrightarrow {\;\;\sigma :p\;\;}}y_{1}\) in E ₁ and \(x_{2}{~}^{\underrightarrow {\;\;\sigma :p\;\;}}y_{2}\) in E ₂, and by Definition 14 it holds that \((x_{1},x_{2}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},y_{2})\) in \(E_{1} \dot {\|} E_{2}\).

• If σ ∈ Σ₁∖Σ₂, then \(x_{1} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{1}\) in E ₁ and x ₂ = y ₂, and by Definition 14 it holds that \((x_{1},x_{2}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},x_{2}) = (y_{1},y_{2})\) in \(E_{1} \dot {\|} E_{2}\).

• If σ ∈ Σ₂∖Σ₁, then x ₁ = y ₁ and \(x_{2} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{2}\) in E ₂, and by Definition 14 it holds that \((x_{1},x_{2}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (x_{1},y_{2}) = (y_{1},y_{2})\) in \(E_{1} \dot {\|} E_{2}\).

• If σ ∉ Σ₁ ∪ Σ₂, then σ is not in the alphabet of \(E_{1} \dot {\|} E_{2}\) and (x ₁, x ₂) = (y ₁, y ₂).

Combining the above observations for \(E_{1} \dot {\|} E_{2}\) and E ₃, … , E _n , it follows by Definition 14 that \(((x_{1},x_{2}), x_{3},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} ((y_{1},y_{2}), y_{3},\ldots , y_{n})\) in \(\dot {\|}\mathcal {F}\).

Conversely, let

$$ ((x_{1},x_{2}),x_{3},\ldots,x_{n}) {~}^{\underrightarrow{\;\;\sigma:p\;\;}} ((y_{1},y_{2}),y_{3},\ldots,y_{n}) $$

(34)

in \(\dot {\|}\mathcal {F}\). Consider four cases for E ₁ and E ₂.

• If σ ∈ Σ₁ ∩ Σ₂, then by Definition 14 it holds that \((x_{1},x_{2}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},y_{2})\) in \(E_{1}\dot {\|} E_{2}\), and furthermore \(x_{1} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{1}\) in E ₁ and \(x_{2} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{2}\) in E ₂.

• If σ ∈ Σ₁∖Σ₂, then by Definition 14 it holds that \((x_{1},x_{2}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},y_{2})\) in \(E_{1}\dot {\|} E_{2}\), and furthermore \(x_{1} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{1}\) in E ₁ and σ ∉ Σ₂ and x ₂ = y ₂.

• If σ ∈ Σ₂∖Σ₁, then by Definition 14 it holds that \((x_{1},x_{2}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},y_{2})\) in \(E_{1}\dot {\|} E_{2}\), and furthermore σ ∉ Σ₁ and x ₁ = y ₁ and \(x_{2} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{2}\) in E ₂ and

• if σ ∉ Σ₁ ∪ Σ₂, then by Definition 14 it holds that x ₁ = x ₂ and y ₁ = y ₂.

Furthermore, for 3 ≤ i ≤ n it follows from (34) by Definition 14 that either σ ∈ Σ _i and \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) or σ ∉ Σ _i and x _i = y _i . Combining the above observations for E ₁, … , E _n , it follows by Definition 14 that \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {F}\). □

1.4 B.3 Update simplification

This section proves the correctness of update simplification as stated in Proposition 7 in Section 5.3. The proof uses the following lemma, which shows two EFSM systems with logically equivalent updates with respect to all variables have isomorphic monolithic flattening results.

Lemma 14

Let \(\mathcal {E} = \{E_{1},\ldots , E_{n}\}\) and \(\mathcal {F}=\{F_{1},\ldots , F_{n}\}\) be normalised EFSM systems with \(E_{i} = \langle {\Sigma }_{i}, Q_{i}, {\to _{i}^{E}}, Q^{\circ }_{i}, Q^{\omega }_{i}\rangle \) and \(F_{i}=\langle {\Sigma }_{i}, Q_{i}, {\to _{i}^{F}}, Q^{\circ }_{i}, Q^{\omega }_{i}\rangle \) . Let \(V = \text {vars}(\mathcal {E}) = \text {vars}(\mathcal {F})\) and \({\Delta }_{\mathcal {E}}(\sigma ) \Leftrightarrow _{V} {\Delta }_{\mathcal {F}}(\sigma )\) for all \(\sigma \in {\Sigma }_{\mathcal {E}} = {\Sigma }_{\mathcal {F}}\) , and \({\to _{i}^{F}} = \{\, (x,\sigma ,{\Delta }_{\mathcal {F}}(\sigma ),y) \mid x {{~}^{\underrightarrow {\;\;\sigma :{\Delta }_{\mathcal {E}(\sigma )\;\;}}}}_{i}^{E} y \,\}\) . Then \(U(\mathcal {E}) = U(\mathcal {F})\).

Proof

Clearly, \(U(\mathcal {E})\) and \(U(\mathcal {F})\) by construction both have the same event alphabet \({\Sigma }_{\mathcal {E}}\), and they have the same state sets, including initial and marked states. Also note that \(\mathcal {E}\) and \(\mathcal {F}\) are normalised, so \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) and \(U(\mathcal {F}) = U(\dot {\|}\mathcal {F})\) by Proposition 1. It remains to be shown that \(U(\mathcal {E})\) and \(U(\mathcal {F})\) have the same transitions. Because of symmetry it is enough to show that, if \((x_{1},\ldots , x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {E})\) then \((x_{1},\ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {F})\).

Assume \((x_{1}, \ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\). By Definition 10, this means \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) and \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma )) (\hat {v},\hat {w}) = \mathbf {T}\). Then by construction, \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {F}}(\sigma )\,\,}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {F}\) and \({\Delta }_{\mathcal {E}}(\sigma ) \Leftrightarrow _{V} {\Delta }_{\mathcal {F}}(\sigma )\). The latter means \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma )) \Leftrightarrow {\Xi }_{V}({\Delta }_{\mathcal {F}}(\sigma ))\) by Definition 20, i.e., \({\Xi }_{V}({\Delta }_{\mathcal {F}}(\sigma )) (\hat {v},\hat {w}) = {\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma )) (\hat {v},\hat {w}) = \mathbf {T}\). It follows by Definition 10 that \((x_{1}, \ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\dot {\|}\mathcal {F}) = U(\mathcal {F})\). □

Proposition 7 (Update Simplification)

Let \(\mathcal {E} = \{E_{1},\ldots , E_{n}\}\) and \(\mathcal {F}=\{F_{1},\ldots , F_{n}\}\) be normalised EFSM systems with \(E_{i} = \langle {\Sigma }_{i}, Q_{i}, {\to _{i}^{E}}, Q^{\circ }_{i}, Q^{\omega }[i]\rangle \) and \(F_{i}=\langle {\Sigma }_{i}, Q_{i}, {\to _{i}^{F}}, Q^{\circ }_{i}, Q^{\omega }_{i}\rangle \) . Let \(V = \text {vars}(\mathcal {E}) = \text {vars}(\mathcal {F})\) and \({\Delta }_{\mathcal {E}}(\sigma ) \Leftrightarrow _{V} {\Delta }_{\mathcal {F}}(\sigma )\) for all \(\sigma \in {\Sigma }_{\mathcal {E}} = {\Sigma }_{\mathcal {F}}\) , and \({\to _{i}^{F}} = \{\, (x,\sigma ,{\Delta }_{\mathcal {F}}(\sigma ),y) \mid x {{~}^{\underrightarrow {\;\;\sigma :{\Delta }_{\mathcal {E}(\sigma )\;\;}}}}_{i}^{E} y \,\}\) . Then \(\mathcal {E}\) is nonblocking if and only if \(\mathcal {F}\) is nonblocking.

Proof

By Definition 11, \(\mathcal {E}\) is nonblocking if and only if \(U(\mathcal {E})\) is nonblocking, and \(\mathcal {F}\) is nonblocking if and only if \(U(\mathcal {F})\) is nonblocking; and by Lemma 14, it holds that \(U(\mathcal {E}) = U(\mathcal {F})\). It follows that \(\mathcal {E}\) is nonblocking if and only if \(\mathcal {F}\) is nonblocking. □

1.5 B.4 Variable unfolding

This section proves that unfolding of a variable in an EFSM system preserves the nonblocking property of the system as stated in Proposition 8 in Section 5.4. The key step to prove this result is contained in Lemma 15, which shows that the FSMs obtained from completely unfolding the system before and after partial unfolding have essentially the same transition relations. The link between these transition relations is established by extending or restricting valuations to add or remove the variable to be unfolded. The following two definitions are needed for this purpose.

Definition 29

Let \(\hat {v}\colon V \to D\) be a valuation. For a variable set W ⊆ V, the restriction \(\hat {v}_{|W}\colon W \to D\) is defined by \(\hat {v}_{|W}[v] = \hat {v}[v]\) for all v ∈ W.

Definition 30

Let \(V = V_{1} \dot {\cup } V_{2}\) be a variable set, and let \(\hat {v}_{1} \colon V_{1} \to D_{1}\) and \(\hat {v}_{2} \colon V_{2} \to D_{2}\) be two valuations. The extension \(\hat {v}_{1} \oplus \hat {v}_{2}\colon V \to D_{1} \cup D_{2}\) is defined by

$$ (\hat{v}_{1} \oplus \hat{v}_{2})[v] = \left\{\begin{array}{ll} \hat{v}_{1}[v], & \text{if}\ v \in V_{1}\ ; \\ \hat{v}_{2}[v], & \text{if}\ v \in V_{2}\ . \end{array}\right. $$

(35)

Lemma 15

Let \(\mathcal {E}=\{E_{1},\ldots , E_{n}\}\) be a normalised EFSM system and \(z \in \text {vars}(\mathcal {E})\) . Then \((a,x_{1},\ldots ,x_{n},\check {v}) \overset {\sigma }{\rightarrow } (b,x_{1},\ldots ,x_{n},\check {w})\) in \(\rho _{z}(U(\mathcal {E} \setminus z))\) if and only if \((x_{1},\ldots ,x_{n},\check {v} \oplus \{z \mapsto a\}) \overset {\sigma }{\rightarrow } (x_{1},\ldots ,x_{n}, \check {w} \oplus \{z \mapsto b\})\) in \(U(\mathcal {E})\).

Proof

Let \(V = \text {vars}(\mathcal {E})\), and let \(\hat {v} = \check {v} \oplus \{z \mapsto a\}\) and \(\hat {w} = \check {w} \oplus \{z \mapsto b\}\), which means \(\hat {v}[z]=a\) and \(\hat {w}[z] = b\). Also write \(E_{i} = \langle {{\Sigma }_{i},Q_{i},\to _{i},Q^{\circ }_{i},Q^{\omega }_{i}}\rangle \) for 1 ≤ i ≤ n. Note that \(\mathcal {E}\) and \(\mathcal {E}\setminus z\) are normalised, so by Proposition 1 it holds that \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) and \(U(\mathcal {E} \setminus z) = U(\dot {\|}(\mathcal {E} \setminus z))\).

First let \((a,x_{1},\ldots ,x_{n},\check {v}) \overset {\sigma }{\rightarrow } (b,y_{1},\ldots ,y_{n},\check {w})\) in \(\rho _{z}(U(\mathcal {E} \setminus z)) = \rho _{z}(U(\dot {\|}\mathcal {E} \setminus z))\). Note that \(\mathcal {E} \setminus z =\{ U_{\mathcal {E}}(z), U_{z}(E_{1}),\cdots , U_{z}(E_{n})\}\) by Definition 24. Consider two cases.

1. (i)

   σ ∈ Σ _z . Then \(z \in \text {vars}({\Delta }_{\mathcal {E}}(\sigma ))\) by Definition 22, and \((a,x_{1},\ldots ,x_{n},\check {v}) {~}^{\underrightarrow {\,\,(\sigma ^{\prime },a^{\prime },b^{\prime })\,\,}} (b,y_{1},\ldots ,y_{n},\check {w})\) in \(U(\mathcal {E} \setminus z) = U(\dot {\|}(\mathcal {E} \setminus z))\) for some (σ′, a′, b′) ∈ U _z (Σ _z ) such that ρ _z ((σ′, a′, b′)) = σ. By definition of ρ _z it holds that σ′ = σ. By Definition 10, it holds that

   $$\begin{array}{@{}rcl@{}} &&(a, x_{1},\ldots, x_{n}) {~}^{\underrightarrow{\,\,(\sigma,a^{\prime},b^{\prime})\,:\,{\Delta}_{\mathcal{E}\setminus z}((\sigma,a^{\prime},b^{\prime}))\,\,}} (b, y_{1},\ldots, y_{n}) \quad\text{in}\ \dot{\|}(\mathcal{E} \setminus z) \\&&= U_{\mathcal{E}}(z) \dot{\|} U_{z}(E_{1}) \dot{\|}\cdots\dot{\|} U_{z}(E_{n}) \end{array} $$

   (36)

   and \({\Xi }_{V \setminus \{z\}}({\Delta }_{\mathcal {E}\setminus z}((\sigma ,a^{\prime },b^{\prime }))) (\check {v},\check {w}) = \mathbf {T}\). As (σ, a′, b′) = (σ′, a′, b′) ∈ U _z (Σ _z ) is in the alphabet of \(U_{\mathcal {E}}(z)\), it follows that

   $$\begin{array}{@{}rcl@{}} a {~}^{\underrightarrow{\,\,(\sigma,a^{\prime},b^{\prime})\,:\,{\Delta}_{\mathcal{E}\setminus z}((\sigma,a^{\prime},b^{\prime}))\,\,}} b \quad\text{in}\ U_{\mathcal{E}}(z) \ . \end{array} $$

   (37)

   Then it follows from Definition 22 that a′ = a and b′ = b, and \({\Delta }_{\mathcal {E}\setminus z}((\sigma ,a,b)) \equiv {\Xi }_{\{z\}}({\Delta }_{\mathcal {E}}(\sigma ))[z\mapsto a , z^{\prime }\mapsto b]\). Note that

   $$\begin{array}{@{}rcl@{}} {\Xi}_{V}({\Delta}_{\mathcal{E}}(\sigma))(\hat{v},\hat{w}) &=& {\Xi}_{V}({\Delta}_{\mathcal{E}}(\sigma))(\check{v} \oplus \{z \mapsto a\}, \check{w} \oplus \{z \mapsto b\}) \\ &=& {\Xi}_{V \setminus \{z\}}({\Xi}_{\{z\}}({\Delta}_{\mathcal{E}}(\sigma))) (\check{v} \oplus \{z \mapsto a\}, \check{w} \oplus \{z \mapsto b\}) \\ &=& {\Xi}_{V \setminus \{z\}}({\Xi}_{\{z\}}({\Delta}_{\mathcal{E}}(\sigma))) [z \mapsto a, z^{\prime} \mapsto b] (\check{v}, \check{w}) \\ &=& {\Xi}_{V \setminus \{z\}}({\Xi}_{\{z\}}({\Delta}_{\mathcal{E}}(\sigma)) [z \mapsto a, z^{\prime} \mapsto b]) (\check{v}, \check{w}) \\ &=& {\Xi}_{V \setminus \{z\}}({\Delta}_{\mathcal{E}\setminus z}((\sigma,a,b))) (\check{v}, \check{w}) \\ &=& {\Xi}_{V \setminus \{z\}}({\Delta}_{\mathcal{E}\setminus z}((\sigma,a^{\prime},b^{\prime}))) (\check{v}, \check{w}) \\ &=& \mathbf{T} \ . \end{array} $$

   Now consider some E _i with 1 ≤ i ≤ n. If σ ∈ Σ _i then since σ ∈ Σ _z also (σ, a′, b′) ∈ U _z (Σ _i ) so that (σ, a′, b′) is in the alphabet of U _z (E _i ) by Definition 23. It follows from (36) that \(x_{i} {~}^{\underrightarrow {\,\,(\sigma ,a^{\prime },b^{\prime }):{\Delta }_{\mathcal {E}\setminus z}((\sigma ,a^{\prime },b^{\prime }))\,\,}} y_{i}\) in U _z (E _i ), which implies \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} y_{i}\) in E _i by Definition 23. Otherwise, if σ ∉ Σ _i then (σ, a′, b′) is not in the alphabet of U _z (E _i ) and x _i = y _i . Having shown the above for all 1 ≤ i ≤ n, it can be concluded by Definition 14 that \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} (y_{1},\ldots ,y_{n})\) in \(E_{1} \dot {\|} {\cdots } \dot {\|} E_{n} = \dot {\|}\mathcal {E}\).

2. (ii)

   σ ∉ Σ _z . Then \(z \notin \text {vars}({\Delta }_{\mathcal {E}}(\sigma ))\) by Definition 22, and \((a,x_{1},\ldots ,x_{n},\check {v}) {~}^{\underrightarrow {\,\,\sigma ^{\prime }\,\,}} (b,y_{1},\ldots ,y_{n},\check {w})\) in \(U(\mathcal {E} \setminus z) = U(\dot {\|}(\mathcal {E} \setminus z))\) for some \(\sigma ^{\prime } \in {\Sigma }_{\mathcal {E} \setminus z} \setminus U_{z}({\Sigma }_{z})\) such that ρ _z (σ′) = σ. By definition of ρ _z it holds that \(\sigma ^{\prime } = \sigma \in {\Sigma }_{\mathcal {E}}\). By Definition 10, it holds that

   $$ (a, x_{1},\ldots, x_{n}) {~}^{\underrightarrow{\,\,\sigma:{\Delta}_{\mathcal{E}\setminus z}(\sigma)\,\,}} (b, y_{1},\ldots, y_{n}) \quad\text{in}\ \dot{\|}(\mathcal{E} \setminus z) = U_{\mathcal{E}}(z) \dot{\|} U_{z}(E_{1}) \dot{\|}\cdots\dot{\|} U_{z}(E_{n}) $$

   (38)

   and \({\Xi }_{V \setminus \{z\}}({\Delta }_{\mathcal {E} \setminus z}(\sigma )) (\check {v}, \check {w}) = \mathbf {T}\). As \(\sigma \in {\Sigma }_{\mathcal {E}}\), it is clear that σ ∉ U _z (Σ _z ) and thus σ is not in the alphabet of \(U_{\mathcal {E}}(z)\), which implies a = b. Also by (38), there must exist i such that \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}\setminus z}(\sigma )\,\,}} y_{i}\) in U _z (E _i ), which given \(\sigma \in {\Sigma }_{\mathcal {E}}\) implies \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}\setminus z}(\sigma )\,\,}} y_{i}\) in E _i by Definition 23 where \({\Delta }_{\mathcal {E}\setminus z}(\sigma ) \equiv {\Delta }_{\mathcal {E}}(\sigma )\) as \(\mathcal {E}\) is normalised. As \(z \notin \text {vars}({\Delta }_{\mathcal {E}}(\sigma ))\), it holds that \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = {\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\check {v} \oplus \{z \mapsto a\}, \check {w} \oplus \{z \mapsto b\}) = {\Xi }_{V \setminus \{z\}}({\Delta }_{\mathcal {E}}(\sigma ))(\check {v}, \check {w}) = {\Xi }_{V \setminus \{z\}}({\Delta }_{\mathcal {E} \setminus z}(\sigma )) (\check {v}, \check {w}) = \mathbf {T}\).

   Now consider some E _i with 1 ≤ i ≤ n. If σ ∈ Σ _i then since σ ∉ Σ _z it follows from (38) that \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E} \setminus z}(\sigma )\,\,}} y_{i}\) in U _z (E _i ), which implies \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} y_{i}\) in E _i by Definition 23. Otherwise, if σ ∉ Σ _i then σ is not in the alphabet of U _z (E _i ) and x _i = y _i . Having shown the above for all 1 ≤ i ≤ n, it can be concluded by Definition 14 that \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} (y_{1},\ldots ,y_{n})\) in \(E_{1} \dot {\|} {\cdots } \dot {\|} E_{n} = \dot {\|}\mathcal {E}\).

In both cases, it has been shown that \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} (y_{1},\ldots ,y_{n})\) in \(\dot {\|}\mathcal {E}\) and \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\). Then it follows by Definition 10 that \((x_{1},\ldots ,x_{n},\check {v} \oplus \{z \mapsto a\}) = (x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w}) = (y_{1},\ldots ,y_{n},\check {w} \oplus \{z \mapsto b\})\) in \(U(\dot {\|}\mathcal {E}) = U(\mathcal {E})\).

Conversely let \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\). Then it holds by Definition 10 that

$$ (x_{1},\ldots, x_{n}) {~}^{\underrightarrow{\;\;\sigma:p\;\;}} (y_{1},\ldots, y_{n}) \qquad\text{in}\ \dot{\|}\mathcal{E} = E_{1} \dot{\|} {\cdots} \dot{\|} E_{n} $$

(39)

where \(p \equiv {\Delta }_{\mathcal {E}}(\sigma )\) and \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\). Consider two cases.

1. (i)

   σ ∈ Σ _z . Note that \(z \in \text {vars}({\Delta }_{\mathcal {E}}(\sigma )) = \text {vars}(p)\). Then by Definition 22 it holds that \(a {~}^{\underrightarrow {\,\,(\sigma ,a,b):p^{\prime }\,\,}} b\) in \(U_{\mathcal {E}}(z)\) where p′ ≡ Ξ_{z}(p)[z ↦ a, z′ ↦ b] and ρ _z ((σ, a, b)) = σ. Note that \({\Xi }_{V\setminus \{z\}}(p^{\prime })(\check {v},\check {w}) = {\Xi }_{V\setminus \{z\}}({\Xi }_{\{z\}}(p))[z\mapsto a, z^{\prime }\mapsto b]) (\check {v},\check {w}) = ({\Xi }_{V}(p)[z\mapsto a, z^{\prime }\mapsto b]) (\check {v},\check {w}) = {\Xi }_{V}(p)(\check {v} \oplus \{z \mapsto b\},\check {w} \oplus \{z \mapsto b\}) = {\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\).Now consider some E _i with 1 ≤ i ≤ n. If σ ∈ Σ _i , it follows from (39) that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i , which implies \(x_{i} {~}^{\underrightarrow {\,\,(\sigma ,a,b):p^{\prime }\,\,}} y_{i}\) in U _z (E _i ) by Definition 23 as σ ∈ Σ _z . Otherwise, if σ ∉ Σ _i then σ is not in the alphabet of E _i and x _i = y _i . Having shown the above for all 1 ≤ i ≤ n, it can be concluded by Definition 14 that

   $$\begin{array}{@{}rcl@{}} (a,x_{1},\ldots,x_{n}) & \!\!\!{~}^{\underrightarrow{\,\,(\sigma,a,b):p^{\prime}\,\,}} (b,y_{1},\ldots,y_{n})~ \text{in}\ U_{\mathcal{E}}(z) \dot{\|} U_{z}(E_{1}) \dot{\|} {\cdots} || U_{z}(E_{n}) \,=\, \dot{\|}(\mathcal{E} \setminus z) \ .\\ \end{array} $$

   (40)

   Since \({\Xi }_{V\setminus \{z\}}(p^{\prime })(\check {v},\check {w}) = \mathbf {T}\), it follows by Definition 10 that \((a,x_{1},\ldots ,x_{n},\check {v}) {~}^{\underrightarrow {\,\,(\sigma ,a,b):p^{\prime }\,\,}} (b,y_{1},\ldots ,y_{n},\check {w})\) in \(U(\dot {\|}(\mathcal {E} \setminus z)) = U(\mathcal {E} \setminus z)\), which implies \((a,x_{1},\ldots ,x_{n},\check {v}) \overset {\sigma }{\rightarrow } (b,y_{1},\ldots ,y_{n},\check {w})\) in \(\rho _{z}(U(\mathcal {E} \setminus z))\).

2. (ii)

   σ ∉ Σ _z . In this case, by Definition 22 it holds that \(z \notin \text {vars}({\Delta }_{\mathcal {E}}(\sigma )) = \text {vars}(p)\) and \(\rho _{z}(\sigma ) = \sigma \in {\Sigma }_{\mathcal {E}}\) is not in the alphabet of \(U_{\mathcal {E}}(z)\). Consider some E _i with 1 ≤ i ≤ n. If σ ∈ Σ _i , it follows from (39) that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i , which implies \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in U _z (E _i ) by Definition 23 as σ ∈ Σ _i ∖Σ _z . Otherwise, if σ ∉ Σ _i then σ is not in the alphabet of E _i and x _i = y _i . Having shown the above for all 1 ≤ i ≤ n, it can be concluded by Definition 14 that

   $$\begin{array}{@{}rcl@{}} (a,x_{1},\ldots,x_{n}) & {~}^{\underrightarrow{\;\;\sigma:p\;\;}} (a,y_{1},\ldots,y_{n})\quad \text{in}\ U_{\mathcal{E}}(z) \dot{\|} U_{z}(E_{1}) \dot{\|} {\cdots} \dot{\|} U_{z}(E_{n}) = \dot{\|}(\mathcal{E} \setminus z) \ .\\ \end{array} $$

   (41)

   From \({\Xi }_{V}(p)(\hat {v}, \hat {w}) = \mathbf {T}\) and z ∉ vars(p)⊇vars′(p), it follows that \((z^{\prime }=z)(\hat {v}, \hat {w}) = \mathbf {T}\). This means \(a = \hat {v}[z] = \hat {w}[z] = b\) and \({\Xi }_{V \setminus \{z\}}(p)(\check {v}, \check {w}) = {\Xi }_{V}(p)(\hat {v}, \hat {w}) = \mathbf {T}\). Then by Definition 10, it holds that \((a, x_{1}, \ldots , x_{n}, \check {v}) \overset {\sigma }{\rightarrow } (a, y_{1}, \ldots , y_{n}, \check {w}) = (b, y_{1}, \ldots , y_{n}, \check {w})\) in \(U(\dot {\|}(\mathcal {E} \setminus z)) = U(\mathcal {E} \setminus z)\), which given ρ _z (σ) = σ implies \((a, x_{1}, \ldots , x_{n}, \check {v}) \overset {\sigma }{\rightarrow } (b, y_{1}, \ldots , y_{n}, \check {w})\) in \(\rho _{z}(U(\mathcal {E} \setminus z))\).

□

Proposition 8 (Variable Unfolding)

Let \(\mathcal {E}\) be a normalised EFSM system, and let \(z \in \text {vars}(\mathcal {E})\) . Then \(\mathcal {E}\) is nonblocking if and only if \(\mathcal {E} \setminus z\) is nonblocking.

Proof

Let \(\mathcal {E} = \{E_{1},\ldots , E_{n}\}\), let \(\mathcal {E} \setminus z = \{U_{\mathcal {E}}(z), U_{z}(E_{1}),\ldots , U_{z}(E_{n})\), according to Definition 24, and let \(\rho _{z}\colon {\Sigma }_{\mathcal {E}} \cup U_{z}({\Sigma }_{z}) \to {\Sigma }_{\mathcal {E}}\) be the variable renaming map according to Definition 22.

First assume \(\mathcal {E}\) is nonblocking, which implies \(U(\mathcal {E})\) is nonblocking. It will be shown that \(\rho _{z}(U(\mathcal {E}\setminus z))\) is nonblocking. Assume \((a^{0}, {x^{0}_{1}},\ldots ,{x_{n}^{0}},\check {v}^{0}) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} (a^{l}, {x^{l}_{1}},\ldots , {x_{n}^{l}},\check {v}^{l})\) in \(\rho _{z}(U(\mathcal {E}\setminus z))\). From Lemma 15 it follows that \(({x^{0}_{1}},\ldots , {x_{n}^{0}},\check {v}^{0} \oplus \{z \mapsto a^{0}\}) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{l}_{1}},\ldots , {x_{n}^{l}}, \check {v}^{l} \oplus \{z \mapsto a^{l}\})\) in \(U(\mathcal {E})\). Since \(U(\mathcal {E})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots , {x_{n}^{l}},\hat {v}^{l}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots , {x_{n}^{m}},\hat {v}^{m})\) in \(U(\mathcal {E})\) such that \(({x^{m}_{1}},\ldots , {x_{n}^{m}}) \in Q_{1}^{\omega } \times {\cdots } \times Q_{n}^{\omega }\). From Lemma 15 it follows that \((a^{l}, {x^{l}_{1}},\ldots , {x_{n}^{l}},\check {v}^{l}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} \cdots {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} (a^{m}, {x^{m}_{1}},\ldots , {x_{n}^{m}},\check {v}^{m})\) in \(\rho _{z}(U(\mathcal {E}\setminus z))\) such that \(({x^{m}_{1}},\ldots , {x_{n}^{m}}) \in Q_{1}^{\omega } \times {\cdots } \times Q_{n}^{\omega }\) and \(\hat {v}^{i} = \check {v}^{i} \oplus \{z \mapsto a^{i}\}\) for l + 1 ≤ i ≤ m. Since \(({x^{l}_{1}},\ldots , {x_{n}^{l}},\hat {v}^{l})\) was chosen arbitrarily, it holds that \(\rho _{z}(U(\mathcal {E}\setminus z))\) is nonblocking. Since renaming preserves nonblocking, it holds that \(U(\mathcal {E}\setminus z)\) is nonblocking, which implies that \(\mathcal {E}\setminus z\) is nonblocking.

Conversely assume \(\mathcal {E} \setminus z\) is nonblocking. Then \(U(\mathcal {E}\setminus z)\) is nonblocking, which implies \(\rho _{z}(U(\mathcal {E}\setminus z))\) is nonblocking. It will be shown that \(U(\mathcal {E})\) is nonblocking. Assume \(({x^{0}_{1}},\ldots , {x_{n}^{0}},\hat {v}^{0}) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{l}_{1}},\ldots , {x_{n}^{l}},\hat {v}^{l})\) in \(U(\mathcal {E})\). From Lemma 15, it follows that \((a^{0}, {x^{0}_{1}},\ldots , {x_{n}^{0}},\check {v}^{0}) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} \cdots {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} (a^{l}, {x^{l}_{1}},\ldots , {x_{n}^{l}},\check {v}^{l})\) in \(\rho _{z}(U(\mathcal {E}\setminus z))\), where \(\hat {v}^{i} = \check {v}^{i} \oplus \{z \mapsto a^{i}\}\) for 0 ≤ i ≤ l. Since \(\rho _{z}(U(\mathcal {E}\setminus z))\) is nonblocking, there exists a path \((a^{l}, {x^{l}_{1}},\ldots , {x_{n}^{l}},\check {v}^{l}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} (a^{m}, {x^{m}_{1}},\ldots , {x_{n}^{m}},\check {v}^{m})\) in \(\rho _{z}(U(\mathcal {E} \setminus z))\) such that \(({x^{m}_{1}},\ldots , {x_{n}^{m}}) \in Q_{1}^{\omega } \times {\cdots } \times Q_{n}^{\omega }\). From Lemma 15 it follows that \(({x^{l}_{1}},\ldots , {x_{n}^{l}}, \check {v}^{l} \oplus \{z \mapsto a^{l}\}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots , {x_{n}^{m}},\check {v}^{m} \oplus \{z \mapsto a^{m}\})\) in \(U(\mathcal {E})\) such that \(({x^{m}_{1}},\ldots , {x_{n}^{m}}) \in Q_{1}^{\omega } \times {\cdots } \times Q_{n}^{\omega }\). Since \(({x^{l}_{1}},\ldots , {x_{n}^{l}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\mathcal {E})\) is nonblocking, which implies that \(\mathcal {E}\) is nonblocking. □

1.6 B.5 Event simplification

This section contains proofs of correctness of the event removal and merging operations in Propositions 9–12 in Section 5.5. The common approach to prove that abstractions such as these preserve the nonblocking property of an EFSM system, is to show that for each path in the EFSM system before abstraction there exists a corresponding path after abstraction, and vice versa.

First, to prove Prop. 9, which states that false-removal preserves the nonblocking property, it is shown in Lemma 16 that every path in any EFSM system resulting from restriction can be lifted to a path in the original system, and conversely it is shown in Lemma 17 that paths in an EFSM system also exist in a system resulting from false-removal.

Lemma 16

Let \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\) be a normalised EFSM system, let \({\Omega } \subseteq {\Sigma }_{\mathcal {E}}\) , and let \(\hat {u} \in \text {dom}(\text {vars}(\mathcal {E}) \setminus \text {vars}(\mathcal {E}_{|{\Omega }}))\) . Then \((x_{1},\ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {E}_{|{\Omega }})\) implies \((x_{1},\ldots , x_{n}, \hat {v} \oplus \hat {u}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w} \oplus \hat {u})\) in \(U(\mathcal {E})\).

Proof

Let \(\mathcal {F} = \mathcal {E}_{|{\Omega }}\) and \(V = \text {vars}(\mathcal {E})\) and \(W = \text {vars}(\mathcal {E}_{|{\Omega }}) \subseteq \text {vars}(\mathcal {E}) = V\).

Assume \((x_{1},\ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {F}) = U(\dot {\|}\mathcal {F})\). Then σ ∈ Ω, and by Definition 10 it holds that \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {F}\) with \(p \equiv {\Delta }_{\mathcal {F}}(\sigma )\) and \({\Xi }_{W}(p)(\hat {v},\hat {w}) = \mathbf {T}\). By Definition 14, it holds that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _{i |Ω} for each i such that 1 ≤ i ≤ n and \(\sigma \in {\Sigma }_{E_{i}}\), with \(p \equiv {\Delta }_{\mathcal {F}}(\sigma )\) and \(\text {vars}(p) \subseteq \text {vars}(\mathcal {F}) = \text {vars}(\mathcal {E}_{|{\Omega }}) = W\). As →_|Ω ⊆ →, it follows that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i for each i such that \(\sigma \in {\Sigma }_{E_{i}}\). This shows \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) by Definition 14. As furthermore \({\Xi }_{W}(p)(\hat {v},\hat {w}) = \mathbf {T}\) and vars′(p) ⊆ vars(p) ⊆ W, it holds that \({\Xi }_{V}(p)(\hat {v}\oplus \hat {u},\hat {w}\oplus \hat {u}) = \mathbf {T}\). Thus, \((x_{1},\ldots , x_{n}, \hat {v}\oplus \hat {u}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w}\oplus \hat {u})\) in \(U(\dot {\|}\mathcal {E}) = U(\mathcal {E})\) by Definition 10. □

Lemma 17

Let \(\mathcal {E}\) be a normalised EFSM system, and let \({\Lambda } \subseteq {\Sigma }_{\mathcal {E}}\) be a set of events such that for all λ ∈ Λ at least one of the following conditions holds:

1. (i)

   \({\Delta }_{\mathcal {E}}(\lambda ) \equiv \textit {false}\);

2. (ii)

   There exists \(E \in \mathcal {E}\) such that λ ∈ Σ _E , but there does not exist any transition \(x {{~}^{\underrightarrow {\lambda :p}}} y\) in E.

Also let \(W = \text {vars}(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) . Then \((x_{1},\ldots , x_{n},\hat {v}) \overset {\sigma }{\rightarrow }(y_{1},\ldots , y_{n},\hat {w})\) in \(U(\mathcal {E})\) implies \((x_{1},\ldots , x_{n},\hat {v}_{|W}) \overset {\sigma }{\rightarrow }(y_{1},\ldots , y_{n},\hat {w}_{|W})\) in \(U(\mathcal {E}_{|{\Sigma }_{\mathcal {E}}\setminus {\Lambda }})\).

Proof

Let \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\) and \({\Omega } = {\Sigma }_{\mathcal {E}} \setminus {\Lambda }\) and \(\mathcal {F} = \mathcal {E}_{|{\Omega }}\) and \(V=\text {vars}(\mathcal {E})\). It is clear that \(W = \text {vars}(\mathcal {E}_{|{\Omega }}) \subseteq \text {vars}(\mathcal {E}) = V\).

Assume \((x_{1},\ldots , x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n},\hat {w})\) in \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\). By Definition 10, it follows that \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) with \(p \equiv {\Delta }_{\mathcal {E}}(\sigma )\) and \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\). Note that σ ∈ Λ cannot hold, because if σ ∈ Λ, then either (i) \(p \equiv {\Delta }_{\mathcal {E}}(\sigma ) \equiv \textit {false}\) in contradiction to \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\), or (ii) there exists \(E = E_{k} \in \mathcal {E}\) such that σ ∈ Σ _E and \(x_{k} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{k}\) in E = E _k does not hold, in contradiction to \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) by Definition 9. Thus σ ∈ Ω and \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}_{|{\Omega }} = \dot {\|}\mathcal {F}\). As also \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\) and \(\text {vars}^{\prime }(p) \subseteq \text {vars}(p) \subseteq \text {vars}(\mathcal {E}_{|{\Omega }}) = W\), it follows that \({\Xi }_{W}(p)(\hat {v}_{|W},\hat {w}_{|W}) = \mathbf {T}\). Thus, by Definition 10 it holds that \((x_{1},\ldots , x_{n},\hat {v}_{|W}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w}_{|W})\) in \(U(\dot {\|}\mathcal {F}) = U(\mathcal {F}) = U(\mathcal {E}_{|{\Omega }})\). □

Proposition 9 (false-Removal)

Let \(\mathcal {E}\) be a normalised EFSM system, and let \({\Lambda } \subseteq {\Sigma }_{\mathcal {E}}\) be a set of events such that for all λ ∈ Λ at least one of the following conditions holds:

1. (i)

   \({\Delta }_{\mathcal {E}}(\lambda ) \equiv \textit {false}\);

2. (ii)

   There exists \(E \in \mathcal {E}\) such that λ ∈ Σ _E , but there does not exist any transition \(x {{~}^{\underrightarrow {\lambda :p}}} y\) in E.

Proof

Note that \(\mathcal {E}\) and thus \(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}\) are normalised, so \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) and \(U(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}) = U(\dot {\|}\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) by Proposition 1.

Assume \(\mathcal {E}\) is nonblocking, which means that \(U(\mathcal {E})\) is nonblocking. It will be shown that \(U(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) is nonblocking. Let \((x\circ _{1},\ldots ,x^{\circ }_{n},\hat {v}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots ,{x^{1}_{n}},\hat {v}^{1}) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}}({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) in \(U(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}) = U(\dot {\|}\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) where \((x^{\circ }_{1},\ldots ,x^{\circ }_{n}) \in Q^{\circ }_{1} \times \cdots \times Q^{\circ }_{n}\). By Lemma 16, it follows that \(({x^{0}_{1}},\ldots ,{x^{0}_{n}}, \hat {v}\circ \oplus \hat {u}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots ,{x^{1}_{n}}, \hat {v}^{1}\oplus \hat {u}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots ,{x^{l}_{n}}, \hat {v}^{l}\oplus \hat {u}^{\circ })\) in \(U(\dot {\|}\mathcal {E})\). Since \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots ,{x^{l}_{n}}, \hat {v}^{l}\oplus \hat {u}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} (x^{l+1}_{1},\ldots ,x^{l+1}_{n}, \hat {w}^{l+1}) {~}^{\underrightarrow {\,\,\sigma _{l+2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {w}^{m})\) in \(U(\dot {\|}\mathcal {E})\) such that \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). From Lemma 17 and as \((\hat {v}^{l}\oplus \hat {u}\circ )_{|W}=\hat {v}^{l}\), it follows that \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} (x^{l+1}_{1},\ldots ,x^{l+1}_{n}, \hat {w}^{l+1}_{|W}) {~}^{\underrightarrow {\,\,\sigma _{l+2}\,\,}} \cdots {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m}_{|W})\) in \(U(\dot {\|}\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). Since \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\dot {\|}\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}) = U(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) is nonblocking, i.e., \(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}\) is nonblocking.

Conversely assume \(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}\) is nonblocking, which means that \(U(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) is nonblocking. Let \((x^{\circ }_{1},\ldots ,x^{\circ }_{n}, \hat {v}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots , {x^{1}_{n}}, \hat {v}^{1}) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) in \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) where \((x^{\circ }_{1},\ldots ,x^{\circ }_{n}) \in Q^{\circ }_{1} \times \cdots \times Q^{\circ }_{n}\). By Lemma 17, it holds that \((x^{\circ }_{1},\ldots ,x^{\circ }_{n},\hat {v}^{\circ }_{|W}) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots , {x^{1}_{n}},\hat {v}^{1}_{|W}) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots , {x^{l}_{n}},\hat {v}^{l}_{|W})\) in \(U(\dot {\|}\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\). As \(U(\dot {\|}\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}) = U(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}_{|W}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} (x^{l+1}_{1},\ldots ,x^{l+1}_{n},\hat {w}^{l+1}) {~}^{\underrightarrow {\,\,\sigma _{l+2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots , {x^{m}_{n}},\hat {w}^{m})\) in \(U(\dot {\|}\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }})\) such that \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). By Lemma 16, it follows that \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) = ({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}_{|W}\oplus \hat {v}^{l}_{|V\setminus W}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} (x^{l+1}_{1},\ldots ,x^{l+1}_{n}, \hat {w}^{l+1}\oplus \hat {v}^{l}_{|V\setminus W}) {~}^{\underrightarrow {\,\,\sigma _{l+2}\,\,}} \cdots {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}}, \hat {w}^{m}\oplus \hat {v}^{l}_{|V\setminus W})\) in \(U(\dot {\|}\mathcal {E})\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). As \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\dot {\|}\mathcal {E}) = U(\mathcal {E})\) is nonblocking, i.e., \(\mathcal {E}\) is nonblocking. □

As selfloop removal is also defined using restriction, the proof of Proposition 10 again uses Lemma 16 to lift paths from an abstracted system to the original system. For the converse, the following Lemma 18 shows that a path in the original system also exists in the abstracted system after selfloop removal, except possibly for the deletion of some selfloops.

Lemma 18

Let \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\) be a normalised EFSM system with event alphabet \({\Sigma }_{\mathcal {E}} = {\Omega } \dot {\cup } {\Lambda }\) , which is selfloop-only for Λ. Then \((x_{1},\ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {E})\) implies \((x_{1},\ldots , x_{n}, \hat {v}_{|W}) {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma )\,\,}} (y_{1},\ldots , y_{n}, \hat {w}_{|W})\) in \(U(\mathcal {E}_{|{\Omega }})\) where \(W = \text {vars}(\mathcal {E}_{|{\Omega }})\).

Proof

Let \(V = \text {vars}(\mathcal {E})\). Clearly \(W = \text {vars}(\mathcal {E}_{|{\Omega }}) \subseteq \text {vars}(\mathcal {E}) = V\).

Assume that \((x_{1},\ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\). Then by Definition 10 it holds that \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) with \(p \equiv {\Delta }_{\mathcal {E}}(\sigma )\) and \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\). By Definition 14 it holds that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) for each i such that 1 ≤ i ≤ n and \(\sigma \in {\Sigma }_{E_{i}}\), and x _i = y _i for each i such that 1 ≤ i ≤ n and \(\sigma \notin {\Sigma }_{E_{i}}\). Consider two cases for σ: either σ ∈ Λ or σ ∉ Λ.

• If σ ∈ Λ then P _Ω(σ) = ε, and since each E _i is selfloop-only for σ ∈ Λ, it follows from \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i that x _i = y _i and vars′(p) = ∅. From vars′(p) = ∅ and \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\) it follows that \(\hat {v} = \hat {w}\), which implies \(\hat {v}_{|W}=\hat {w}_{|W}\). Given P _Ω(σ) = ε, it follows that \((x_{1},\ldots , x_{n}, \hat {v}_{|W}) {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma )\,\,}} (x_{1},\ldots , x_{n}, \hat {v}_{|W}) = (y_{1},\ldots , y_{n}, \hat {w}_{|W})\) in \(U(\dot {\|}\mathcal {E}_{|{\Omega }}) = U(\mathcal {E}_{|{\Omega }})\).

• If σ ∉ Λ then P _Ω(σ) = σ. In this case, it follows from \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i that \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _{i |Ω}, and thus \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}_{|{\Omega }}\). As this transition is in \(\dot {\|}\mathcal {E}_{|{\Omega }}\), it holds that \(\text {vars}^{\prime }(p) \subseteq \text {vars}(p) \subseteq \text {vars}(\dot {\|}\mathcal {E}_{|{\Omega }}) = \text {vars}(\mathcal {E}_{|{\Omega }}) = W\), so it follows from \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\) that \({\Xi }_{W}(p) (\hat {v}_{|W},\hat {w}_{|W}) = \mathbf {T}\). By Definition 10, it follows that \((x_{1},\ldots , x_{n},\hat {v}_{|W}) {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma )\,\,}} (y_{1},\ldots , y_{n}, \hat {w}_{|W})\) in \(U(\dot {\|}\mathcal {E}_{|{\Omega }}) = U(\mathcal {E}_{|{\Omega }})\).

□

Proposition 10 (Selfloop Removal)

Let \(\mathcal {E}\) be a normalised EFSM system that is selfloop-only for \({\Lambda } \subseteq {\Sigma }_{\mathcal {E}}\) . Then \(\mathcal {E}\) is nonblocking if and only if \(\mathcal {E}_{|{\Sigma }_{\mathcal {E}} \setminus {\Lambda }}\) is nonblocking.

Proof

Let \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\) and \({\Omega } = {\Sigma }_{\mathcal {E}} \setminus {\Lambda }\) and \(V = \text {vars}(\mathcal {E})\) and \(W = \text {vars}(\mathcal {E}_{|{\Omega }})\).

Assume \(\mathcal {E}\) is nonblocking, which means that \(U(\mathcal {E})\) is nonblocking. It will be shown that \(U(\mathcal {E}_{|{\Omega }})\) is nonblocking. Let \((x^{\circ }_{1},\ldots , x^{\circ }_{n}, \hat {v}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots , {x^{1}_{n}}, \hat {v}^{1}) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots , {x^{l}_{n}}, \hat {v}^{l})\) in \(U(\mathcal {E}_{|{\Omega }}) = U(\dot {\|}\mathcal {E}_{|{\Omega }})\) where \((x^{\circ }_{1},\ldots , x^{\circ }_{n}) \in Q^{\circ }_{1} \times \cdots \times Q^{\circ }_{n}\). By Lemma 16, it follows that \(({x^{0}_{1}},\ldots ,{x^{0}_{n}}, \hat {v}\circ \oplus \hat {u}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots ,{x^{1}_{n}}, \hat {v}^{1}\oplus \hat {u}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots ,{x^{l}_{n}}, \hat {v}^{l}\oplus \hat {u}^{\circ })\) in \(U(\dot {\|}\mathcal {E})\). Since \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots ,{x^{l}_{n}}, \hat {v}^{l}\oplus \hat {u}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} (x^{l+1}_{1},\ldots ,x^{l+1}_{n}, \hat {w}^{l+1}) {~}^{\underrightarrow {\,\,\sigma _{l+2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {w}^{m})\) in \(U(\dot {\|}\mathcal {E})\) such that \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). From Lemma 18 and since \((\hat {v}^{l}\oplus \hat {u}^{\circ })_{|W}=\hat {v}^{l}\), it follows that \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma _{l+1})\,\,}} (x^{l+1}_{1},\ldots ,x^{l+1}_{n}, \hat {w}^{l+1}_{|W}) {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma _{l+2})\,\,}} {\cdots } {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma _{m})\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m}_{|W})\) in \(U(\dot {\|}\mathcal {E}_{|{\Omega }})\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). Since \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\dot {\|}\mathcal {E}_{|{\Omega }}) = U(\mathcal {E}_{|{\Omega }})\) is nonblocking, i.e., \(\mathcal {E}_{|{\Omega }}\) is nonblocking.

Conversely assume \(\mathcal {E}_{|{\Omega }}\) is nonblocking, which means that \(U(\mathcal {E}_{|{\Omega }})\) is nonblocking.Let\((x^{\circ }_{1},\ldots , x^{\circ }_{n}, \hat {v}^{\circ }) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots , {x^{1}_{n}}, \hat {v}^{1}) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots , {x^{l}_{n}}, \hat {v}^{l})\) in \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) where \((x\circ _{1},\ldots , x\circ _{n}) \in Q^{\circ }_{1} \times \cdots \times Q^{\circ }_{n}\). By Lemma 18, it holds that \((x^{\circ }_{1},\ldots , x^{\circ }_{n}, \hat {v}^{\circ }_{|W}) {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma _{1})\,\,}} ({x^{1}_{1}},\ldots , {x^{1}_{n}},\hat {v}^{1}_{|W}) {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma _{2})\,\,}} \cdots {~}^{\underrightarrow {\,\,P_{\Omega }(\sigma _{l})\,\,}} ({x^{l}_{1}},\ldots , {x^{l}_{n}},\hat {v}^{l}_{|W})\) in \(U(\dot {\|}\mathcal {E}_{|{\Omega }})\). Since \(U(\dot {\|}\mathcal {E}_{|{\Omega }}) = U(\mathcal {E}_{|{\Omega }})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots , {x^{l}_{n}}, \hat {v}^{l}_{|W}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} (x^{l+1}_{1},\ldots , x^{l+1}_{n}, \hat {w}^{l+1}) {~}^{\underrightarrow {\,\,\sigma _{l+2}\,\,}} \cdots {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots , {x^{m}_{n}},\hat {w}^{m})\) in \(U(\dot {\|}\mathcal {E}_{|{\Omega }})\) such that \(({x^{m}_{1}},\ldots , {x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). By Lemma 16, it follows that \(({x^{l}_{1}},\ldots , {x^{l}_{n}},\hat {v}^{l}) \!\!\!\!\!\!\,=\,\!\!\!\!\!\! ({x^{l}_{1}},\ldots , {x^{l}_{n}},\hat {v}^{l}_{|W}\oplus \hat {v}^{l}_{|V\setminus W}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} (x^{l+1}_{1},\ldots ,x^{l+1}_{n}, \hat {w}^{l+1}\oplus \hat {v}^{l}_{|V\setminus W}) {~}^{\underrightarrow {\,\,\sigma _{l+2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}}, \hat {w}^{m}\oplus \hat {v}^{l}_{|V\setminus W})\) in \(U(\dot {\|}\mathcal {E})\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). As \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\dot {\|}\mathcal {E}) = U(\mathcal {E})\) is nonblocking, i.e., \(\mathcal {E}\) is nonblocking. □

The next result to prove is Proposition 11, which states that the nonblocking property of an EFSM system is preserved by event merging. Again, it needs to be established that for each path in the EFSM system before abstraction there exists a corresponding path after abstraction, and vice versa. First, Lemma 19 shows that every path in an EFSM system can be found again after renaming, and afterwards Lemma 20 shows how to lift a path from the abstracted system after event merging back to the original system.

Lemma 19

Let \(\mathcal {E} = \{E_{1},\ldots ,E_{n}\}\) be an EFSM system, and let \(\rho \colon {\Sigma }_{\mathcal {E}} \to {\Sigma }^{\prime }\) be an arbitrary renaming. Then \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {E})\) implies \((x_{1},\ldots ,x_{n},\hat {v}) {~}^{\underrightarrow {\,\,\rho (\sigma )\,\,}} (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\rho (\mathcal {E}))\).

Proof

Write V = vars(E) and \({\Sigma }_{i} = {\Sigma }_{E_{i}}\) for 1 ≤ i ≤ n. Assume \((x_{1},\ldots ,x_{n},\hat {v})\overset {\sigma }{\rightarrow }(y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {E})\). By Definition 10, this means \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots ,y_{n})\) in \(||\mathcal {E}\) where \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\). By Definition 9, it holds that \(x_{i} {~}^{\underrightarrow {\,\,\sigma :p_{i}\,\,}} y_{i}\) for each E _i such that σ ∈ Σ _i , and x _i = y _i for each E _i such that σ ∉ Σ _i , and \(p \equiv \bigwedge _{\sigma \in {\Sigma }_{i}} p_{i}\). For σ ∈ Σ _i it follows that \(x_{i} {~}^{\underrightarrow {\,\,\rho (\sigma ):p_{i}\,\,}} y_{i}\) in ρ(E _i ), and therefore \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\rho (\sigma ):p}} (y_{1},\ldots ,y_{n})\) in \(||\rho (\mathcal {E})\). As \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\) and \(\text {vars}(\rho (\mathcal {E})) = \text {vars}(\mathcal {E}) = V\), it follows by Definition 10 that \((x_{1},\ldots ,x_{n},\hat {v}){~}^{\underrightarrow {\,\,\rho (\sigma )\,\,}}(y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\rho (\mathcal {E}))\). □

Lemma 20

Let \(\mathcal {E} = \{E_{1},\ldots , E_{n}\}\) be a normalised EFSM system with \(E_{i}=\langle {\Sigma }_{i},Q_{i},\to _{i},Q^{\circ }_{\omega },Q^{\omega }_{i}\rangle \) , let \(E_{k} \in \mathcal {E}\) , and let \(\rho \colon {\Sigma }_{\mathcal {E}} \to {\Sigma }^{\prime }\) be a renaming such that the following conditions hold for all \(\sigma _{1},\sigma _{2} \in {\Sigma }_{\mathcal {E}}\) with ρ(σ ₁ ) = ρ(σ ₂):

1. (i)

   \({\Delta }_{\mathcal {E}}(\sigma _{1}) = {\Delta }_{\mathcal {E}}(\sigma _{2})\);

2. (ii)

   for all i ≠ k, it holds that σ ₁ ∈ Σ _i if and only if σ ₂ ∈ Σ _i , and for all x,y ∈ Q _i it holds that \(x {{~}^{\underrightarrow {\sigma _{1}:{\Delta }_{\mathcal {E}}(\sigma _{1})}}}_{i} y\) if and only if \(x {{~}^{\underrightarrow {\sigma _{2}:{\Delta }_{\mathcal {E}}(\sigma _{2})}}}_{i} y\).

Then \((x_{1},\ldots ,x_{n},\hat {v}) {~}^{\underrightarrow {\mu }} (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\rho (\mathcal {E}))\) implies \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {E})\) for some \(\sigma \in {\Sigma }_{\mathcal {E}}\) such that ρ(σ) = μ.

Proof

First note that \(\mathcal {E}\) is normalised, which implies by assumption (i) that \(\rho (\mathcal {E})\) is normalised. Therefore, it holds by Proposition 1 that \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) and \(U(\rho (\mathcal {E})) = U(\dot {\|}\rho (\mathcal {E}))\).

Assume \((x_{1},\ldots ,x_{n},\hat {v}) {~}^{\underrightarrow {\mu }} (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\rho (\mathcal {E})) = U(\dot {\|}\rho (\mathcal {E}))\). Then it holds by Definition 10 that \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\mu :p\,\,}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\rho (\mathcal {E})\) where \(p \equiv {\Delta }_{\rho (\mathcal {E})}(\mu )\) and \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\) where \(V = \text {vars}(\rho (\mathcal {E})) = \text {vars}(\mathcal {E})\). Consider two cases: either μ ∈ ρ(Σ _k ) or μ ∉ ρ(Σ _k ).

• If μ ∈ ρ(Σ _k ), then \(x_{k} {~}^{\underrightarrow {\,\,\mu :p\,\,}} y_{k}\) in ρ(E _k ) by Definition 14. Then there exists σ ∈ Σ _k such that ρ(σ) = μ and \(x_{k} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{k}\) in E _k .

• If μ ∉ ρ(Σ _k ), then x _k = y _k by Definition 14. As ρ is surjective by Definition 15, there exists \(\sigma \in {\Sigma }_{\mathcal {E}}\) such that ρ(σ) = μ. Note that σ ∉ Σ _k as otherwise μ = ρ(σ) ∈ ρ(Σ _k ).

In both cases there exists \(\sigma \in {\Sigma }_{\mathcal {E}}\) with ρ(σ) = μ, with other properties mentioned in each case. Now consider two cases for each i ≠ k: either σ ∈ Σ _i or σ ∉ Σ _i .

• If σ ∈ Σ _i , then μ = ρ(σ) ∈ ρ(Σ _i ) and thus \(x_{i} {~}^{\underrightarrow {\,\,\mu :p\,\,}} y_{i}\) in ρ(E _i ) by Definition 14. Then there exists σ _i ∈ Σ _i such that ρ(σ _i ) = μ and \(x_{i} {~}^{\underrightarrow {\,\,\sigma _{i}:p\,\,}} y_{i}\) in E _i . As i ≠ k and ρ(σ _i ) = μ = ρ(σ), it follows by assumption (ii) that σ ∈ Σ _i and \(x_{i} {~}^{\underrightarrow {\;\;\sigma :p\;\;}} y_{i}\) in E _i .

• If σ ∉ Σ _i , then μ = ρ(σ) ∉ ρ(Σ _i ) and thus x _i = y _i by Definition 14.

Combining the above observations for k and all i ≠ k, it follows by Definition 14 that \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\;\;\sigma :p\;\;}} (y_{1},\ldots ,y_{n})\) in \(\dot {\|}\mathcal {E}\). As furthermore \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\), it follows by Definition 10 that \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\dot {\|}\mathcal {E}) = U(\mathcal {E})\). □

Proposition 11 (Event Merging)

Let \(\mathcal {E} = \{E_{1},\ldots , E_{n}\}\) be a normalised EFSM system with \(E_{i}=\langle {\Sigma }_{i},Q_{i},\to _{i},Q^{\circ }_{\omega },Q^{\omega }_{i}\rangle \) , let \(E_{k} \in \mathcal {E}\) , and let \(\rho \colon {\Sigma }_{\mathcal {E}} \to {\Sigma }^{\prime }\) be a renaming such that the following conditions hold for all \(\sigma _{1},\sigma _{2} \in {\Sigma }_{\mathcal {E}}\) with ρ(σ ₁ ) = ρ(σ ₂):

1. (i)

   \({\Delta }_{\mathcal {E}}(\sigma _{1}) = {\Delta }_{\mathcal {E}}(\sigma _{2})\);

2. (ii)

   for all i ≠ k, it holds that σ ₁ ∈ Σ _i if and only if σ ₂ ∈ Σ _i , and for all x,y ∈ Q _i it holds that \(x {{~}^{\underrightarrow {\sigma _{1}:{\Delta }_{\mathcal {E}}(\sigma _{1})}}}_{i} y\) if and only if \(x {{~}^{\underrightarrow {\sigma _{2}:{\Delta }_{\mathcal {E}}(\sigma _{2})}}}_{i} y\).

Then \(\mathcal {E}\) is nonblocking if and only if \(\rho (\mathcal {E})\) is nonblocking.

Proof

First assume \(\mathcal {E}\) is nonblocking, which means that \(U(\mathcal {E})\) is nonblocking. It will be shown that \(\mathcal {E}\) is nonblocking. Let \(U(\rho (\mathcal {E})) {~}^{\underrightarrow {\mu _{1}}} ({x^{1}_{1}},\ldots ,{x^{1}_{n}},\hat {v}^{1}) {~}^{\underrightarrow {\mu _{2}}} \cdots {~}^{\underrightarrow {\mu _{l}}}({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\). By Lemma 20, there exist events σ ₁, … , σ _l such that \(U(\mathcal {E}) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots ,{x^{1}_{n}},\hat {v}^{1}) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\). Since \(U(\mathcal {E})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} {\cdots } {~}^{\underrightarrow {\;\;\sigma _{m}\;\;}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m})\) in \(U(\mathcal {E})\) such that \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }[1] \times \cdots \times Q^{\omega }[n]\). From Lemma 19, it follows that \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\;\;\rho (\sigma _{l+1})\;\;}} {\cdots } {~}^{\underrightarrow {\,\,\rho (\sigma _{m})\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m})\) in \(U(\rho (\mathcal {E}))\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). Since \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\rho (\mathcal {E}))\) is nonblocking, i.e., \(\mathcal {E}\) is nonblocking.

Conversely assume \(\mathcal {F}\) is nonblocking, which means that \(U(\mathcal {F})\) is nonblocking. Let \(U(\mathcal {E}) {~}^{\underrightarrow {\,\,\sigma _{1}\,\,}} ({x^{1}_{1}},\ldots , {x^{1}_{n}}, \hat {v}^{1}) {~}^{\underrightarrow {\,\,\sigma _{2}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{l}\,\,}} ({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\). By Lemma 19, it holds that \(U(\mathcal {F}) {~}^{\underrightarrow {\,\,\rho (\sigma _{1})\,\,}} ({x^{1}_{1}},\ldots , {x^{1}_{n}},\hat {v}^{1}) {~}^{\underrightarrow {\,\,\rho (\sigma _{2})\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\rho (\sigma _{l})\,\,}} ({x^{l}_{1}},\ldots , {x^{l}_{n}},\hat {v}^{l})\). As \(U(\mathcal {F})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\,\,\mu _{l+1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\mu _{m}\,\,}} ({x^{m}_{1}},\ldots , {x^{m}_{n}},\hat {v}^{m})\) in \(U(\mathcal {F})\) such that \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). By Lemma 20, there exist events σ ₁₊₁, … , σ _m such that \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\,\,\sigma _{l+1}\,\,}} {\cdots } {~}^{\underrightarrow {\,\,\sigma _{m}\,\,}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m})\) in \(U(\mathcal {E})\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). As \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\mathcal {E})\) is nonblocking, i.e., \(\mathcal {E}\) is nonblocking. □

Similar to event merging, to prove that update merging preserves the nonblocking property of an EFSM system as stated in Proposition 12, the relationship between the paths in the system before and after abstraction is first established. Lemma 21 shows how to construct a path in the abstracted system after update merging from a path in the original system, and Lemma 22 shows how to do the converse.

Lemma 21

Let \(\mathcal {E}\hspace *{-3pt} \!\!\,=\,\!\!\hspace *{-3pt} \{E_{1},\ldots ,\hspace *{-3pt} E_{n}\}\) beanormalisedEFSMsystemwith \(E_{i} = \langle {\Sigma }_{i},Q_{i},\to _{i},Q^{\circ }_{\omega },Q^{\omega }_{i}\rangle \) . Let ρ be a renaming such that the following conditions hold for all \(\sigma _{1},\sigma _{2} \in {\Sigma }_{\mathcal {E}}\) with ρ(σ ₁ ) = ρ(σ ₂):

1. (i)

   \(\text {vars}^{\prime }({\Delta }_{\mathcal {E}}(\sigma _{1})) = \text {vars}^{\prime }({\Delta }_{\mathcal {E}}(\sigma _{2}))\),

2. (ii)

   for all i = 1, … , n it holds that σ ₁ ∈ Σ _i if and only if σ ₂ ∈ Σ _i , and for all x,y ∈ Q _i it holds that \(x {{~}^{\underrightarrow {{\sigma _{1}:{\Delta }_{\mathcal {E}}(\sigma _{1})}}}}_{i} y\) if and only if \(x {{~}^{\underrightarrow {\sigma _{2}:{\Delta }_{\mathcal {E}}(\sigma _{2})}}}_{i} y\)

Further let \(\mathcal {F}=\{F_{1},\ldots , F_{n}\}\) such that \(F_{i} = \langle \rho ({\Sigma }_{i}), Q_{i}, {\to _{i}^{F}} , Q^{\circ }_{i}, Q^{\omega }_{i}\rangle \) where \({\to _{i}^{F}} =\, \{ (x,\rho (\sigma ), {\Delta }_{\mathcal {F}}(\rho (\sigma )), y) \mid x {~}^{\underrightarrow {\sigma :{\Delta }_{\mathcal {E}}(\sigma )}} y \,\}\) and \({\Delta }_{\mathcal {F}}(\mu ) \equiv \bigvee _{\sigma \in \rho ^{-1}(\mu )} {\Delta }_{\mathcal {E}}(\sigma )\) for all \(\mu \in {\Sigma }_{\mathcal {F}}\) . Then \((x_{1},\ldots , x_{n}, \hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {E})\) implies \((x_{1},\ldots , x_{n}, \hat {v}) {~}^{\underrightarrow {\,\,\rho (\sigma )\,\,}} (y_{1},\ldots , y_{n}, \hat {w})\) in \(U(\mathcal {F})\).

Proof

Note that \(\mathcal {E}\) and \(\mathcal {F}\) are normalised, so \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) and \(U(\mathcal {F}) = U(\dot {\|}\mathcal {F})\) by Proposition 1.

Let \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\). This means by Definition 10 that \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {E}\) and \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\) where \(V = \text {vars}(\mathcal {E}) = \text {vars}(\mathcal {F})\). Consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i .

• If σ ∈ Σ _i , then it follows by Definition 14 that \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} y_{i}\) in E _i . In this case, ρ(σ) ∈ ρ(Σ _i ), and it follows by construction of \({\to _{i}^{F}}\) that \(x_{i} {~}^{\underrightarrow {\,\,\rho (\sigma ):{\Delta }_{\mathcal {F}}(\sigma )\,\,}} y_{i}\) in F _i .

• If σ ∉ Σ _i then x _i = y _i by Definition 14, and ρ(σ) ∉ ρ(Σ _i ).

Combining these observations for all i, it follows by Definition 14 that \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\,\,\rho (\sigma ):{\Delta }_{\mathcal {F}}(\rho (\sigma ))\,\,}} (y_{1},\ldots ,y_{n})\) in \(F_{1} \dot {\|} {\cdots } \dot {\|} F_{n} = \dot {\|}\mathcal {F}\). Furthermore, note that by construction \({\Delta }_{\mathcal {F}}(\rho (\sigma )) = \bigvee _{\sigma ^{\prime } \in \rho ^{-1}(\rho (\sigma ))} {\Delta }_{\mathcal {E}}(\sigma ^{\prime })\), which implies \({\Xi }_{V}({\Delta }_{\mathcal {F}}(\rho (\sigma ))) \Leftrightarrow \bigvee _{\sigma ^{\prime } \in \rho ^{-1}(\rho (\sigma ))} {\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ^{\prime }))\) by assumption (i). Then it follows from σ ∈ ρ ⁻¹(ρ(σ)) and \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\) that \({\Xi }_{V}({\Delta }_{\mathcal {F}}(\rho (\sigma )))(\hat {v},\hat {w}) = \mathbf {T}\). Then it follows from Definition 10 that \((x_{1},\ldots ,x_{n},\hat {v}) {~}^{\underrightarrow {\,\,\rho (\sigma )\,\,}} (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\dot {\|}\mathcal {F}) = U(\mathcal {F})\). □

Lemma 22

Let \(\mathcal {E} = \{E_{1},\ldots , E_{n}\}\) be a normalised EFSM system with \(E_{i} = \langle {\Sigma }_{i},Q_{i},\to _{i},Q^{\circ }_{\omega },Q^{\omega }_{i}\rangle \) . Let ρ be a renaming such that the following conditions hold for all \(\sigma _{1},\sigma _{2} \in {\Sigma }_{\mathcal {E}}\) with ρ(σ ₁ ) = ρ(σ ₂):

1. (i)

   \(\text {vars}^{\prime }({\Delta }_{\mathcal {E}}(\sigma _{1})) = \text {vars}^{\prime }({\Delta }_{\mathcal {E}}(\sigma _{2}))\),

2. (ii)

   for all i = 1, … , n it holds that σ ₁ ∈ Σ _i if and only if σ ₂ ∈ Σ _i , and for all x,y ∈ Q _i it holds that \(x {{~}^{\underrightarrow {{\sigma _{1}:{\Delta }_{\mathcal {E}}(\sigma _{1})}}}}_{i} y\) if and only if \(x {{~}^{\underrightarrow {\sigma _{2}:{\Delta }_{\mathcal {E}}(\sigma _{2})}}}_{i} y\)

Further let \(\mathcal {F}=\{F_{1},\ldots , F_{n}\}\) such that \(F_{i} = \langle \rho ({\Sigma }_{i}), Q_{i}, {\to _{i}^{F}} , Q^{\circ }_{i}, Q^{\omega }_{i}\rangle \) where \({\to _{i}^{F}} =\, \{ (x,\rho (\sigma ), {\Delta }_{\mathcal {F}}(\rho (\sigma )), y) \mid x {~}^{\underrightarrow {\sigma :{\Delta }_{\mathcal {E}}(\sigma )}} y \,\}\) and \({\Delta }_{\mathcal {F}}(\mu ) \equiv \bigvee _{\sigma \in \rho ^{-1}(\mu )} {\Delta }_{\mathcal {E}}(\sigma )\) for all \(\mu \in {\Sigma }_{\mathcal {F}}\) . Then \((x_{1},\ldots ,x_{n},\hat {v}) {~}^{\underrightarrow {\mu }} (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {F})\) implies \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {E})\) for some \(\sigma \in {\Sigma }_{\mathcal {E}}\) such that ρ(σ) = μ.

Proof

Note that \(\mathcal {E}\) and \(\mathcal {F}\) are normalised, so \(U(\mathcal {E}) = U(\dot {\|}\mathcal {E})\) and \(U(\mathcal {F}) = U(\dot {\|}\mathcal {F})\) by Proposition 1.

Assume \((x_{1},\ldots ,x_{n},\hat {v}) {~}^{\underrightarrow {\mu }} (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\mathcal {F}) = U(\dot {\|}\mathcal {F})\). Then it holds that by Definition 10 that \((x_{1},\ldots , x_{n}) {~}^{\underrightarrow {\,\,\mu :p\,\,}} (y_{1},\ldots , y_{n})\) in \(\dot {\|}\mathcal {F}\) where \(p \equiv {\Delta }_{\mathcal {F}}(\mu ) \equiv \bigvee _{\sigma \in \rho ^{-1}(\mu )}{\Delta }_{\mathcal {E}}(\sigma )\), and \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\) where \(V = \text {vars}(\mathcal {F})\). As \(p \equiv \bigvee _{\sigma \in \rho ^{-1}(\mu )}{\Delta }_{\mathcal {E}}(\sigma )\) and \({\Xi }_{V}(p)(\hat {v},\hat {w}) = \mathbf {T}\), there exists σ ∈ ρ ⁻¹(μ) such that \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\). Note, as σ ∈ ρ ⁻¹(μ) it holds that ρ(σ) = μ. Consider two cases for each E _i : either σ ∈ Σ _i or σ ∉ Σ _i .

• If σ ∈ Σ _i then μ = ρ(σ) ∈ ρ(Σ _i ), which by Definition 14 implies \(x_{i} {~}^{\underrightarrow {\,\,\mu :p\,\,}} y_{i}\) in F _i . By construction of \({\to ^{F}_{i}}\), this means \(x_{i} {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} y_{i}\) in E _i .

• If σ ∉ Σ _i , then μ ∉ ρ(Σ _i ) and x _i = y _i by Definition 14.

Combining the above observations for all i, it follows by Definition 14 that \((x_{1},\ldots ,x_{n}) {~}^{\underrightarrow {\,\,\sigma :{\Delta }_{\mathcal {E}}(\sigma )\,\,}} (y_{1},\ldots ,y_{n})\) in \(\dot {\|}\mathcal {E}\). As \({\Xi }_{V}({\Delta }_{\mathcal {E}}(\sigma ))(\hat {v},\hat {w}) = \mathbf {T}\), it follows that \((x_{1},\ldots ,x_{n},\hat {v}) \overset {\sigma }{\rightarrow } (y_{1},\ldots ,y_{n},\hat {w})\) in \(U(\dot {\|}\mathcal {E}) = U(\mathcal {E})\). □

Proposition 12 (Update Merging)

Let \(\mathcal {E} = \{E_{1},\ldots , E_{n}\}\) be a normalised EFSM system with \(E_{i} = \langle {\Sigma }_{i},Q_{i},\to _{i},Q^{\circ }_{\omega },Q^{\omega }_{i}\rangle \) . Let ρ be a renaming such that the following conditions hold for all \(\sigma _{1},\sigma _{2} \in {\Sigma }_{\mathcal {E}}\) with ρ(σ ₁ ) = ρ(σ ₂):

1. (i)

   \(\text {vars}^{\prime }({\Delta }_{\mathcal {E}}(\sigma _{1})) = \text {vars}^{\prime }({\Delta }_{\mathcal {E}}(\sigma _{2}))\),

2. (ii)

   for all i = 1, … , n it holds that σ ₁ ∈ Σ _i if and only if σ ₂ ∈ Σ _i , and for all x,y ∈ Q _i it holds that \(x {{~}^{\underrightarrow {{\sigma _{1}:{\Delta }_{\mathcal {E}}(\sigma _{1})}}}}_{i} y\) if and only if \(x {{~}^{\underrightarrow {\sigma _{2}:{\Delta }_{\mathcal {E}}(\sigma _{2})}}}_{i} y\)

Further let \(\mathcal {F}=\{F_{1},\ldots , F_{n}\}\) such that \(F_{i} = \langle \rho ({\Sigma }_{i}), Q_{i}, {\to _{i}^{F}} , Q^{\circ }_{i}, Q^{\omega }_{i}\rangle \) where \({\to _{i}^{F}} =\, \{ (x,\rho (\sigma ), {\Delta }_{\mathcal {F}}(\rho (\sigma )), y) \mid x {~}^{\underrightarrow {\sigma :{\Delta }_{\mathcal {E}}(\sigma )}} y \,\}\) and \({\Delta }_{\mathcal {F}}(\mu ) \equiv \bigvee _{\sigma \in \rho ^{-1}(\mu )} {\Delta }_{\mathcal {E}}(\sigma )\) for all \(\mu \in {\Sigma }_{\mathcal {F}}\) . Then \(\mathcal {E}\) is nonblocking if and only if \(\mathcal {F}\) is nonblocking.

Proof

First assume \(\mathcal {E}\) is nonblocking, which means that \(U(\mathcal {E})\) is nonblocking. It will be shown that \(\mathcal {F}\) is nonblocking. Let \(U(\mathcal {F}) {~}^{\underrightarrow {\mu _{1}}} ({x^{1}_{1}},\ldots ,{x^{1}_{n}},\hat {v}^{1}) {~}^{\underrightarrow {\mu _{2}}} \cdots {~}^{\underrightarrow {\mu _{1}}}({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\). By Lemma 22, there exist events σ ₁, … , σ _l such that \(U(\mathcal {E}) {~}^{\underrightarrow {\sigma _{1}}} ({x^{1}_{1}},\ldots ,{x^{1}_{n}},\hat {v}^{1}) {~}^{\underrightarrow {\sigma _{2}}} {\cdots } {~}^{underrightarrow{\sigma _{l}}} ({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\). Since \(U(\mathcal {E})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\sigma _{l+1}}} {\cdots } {~}^{\underrightarrow {\sigma _{m}}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m})\) in \(U(\mathcal {E})\) such that \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). From Lemma 21, it follows that \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\rho (\sigma _{l+1})}} {\cdots } {~}^{\underrightarrow {\rho (\sigma _{m})}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m})\) in \(U(\mathcal {F})\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). Since \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\mathcal {F})\) is nonblocking, i.e., \(\mathcal {F}\) is nonblocking.

Conversely assume \(\mathcal {F}\) is nonblocking, which means that \(U(\mathcal {F})\) is nonblocking. Let \(U(\mathcal {E}) {~}^{\underrightarrow {\sigma _{1}}} ({x^{1}_{1}},\ldots , {x^{1}_{n}}, \hat {v}^{1}) {~}^{\underrightarrow {\sigma _{2}}} {\cdots } {~}^{\underrightarrow {\sigma _{l}}} ({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\). By Lemma 21, it holds that \(U(\mathcal {F}) {~}^{\underrightarrow {\rho (\sigma _{1})}} ({x^{1}_{1}},\ldots , {x^{1}_{n}},\hat {v}^{1}) {~}^{\underrightarrow {\rho (\sigma _{2})}} {\cdots } {~}^{\underrightarrow {\rho (\sigma _{l})}} ({x^{l}_{1}},\ldots , {x^{l}_{n}},\hat {v}^{l})\). As \(U(\mathcal {F})\) is nonblocking, there exists a path \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\mu _{l+1}}} {\cdots } {~}^{\underrightarrow {\mu _{m}}} ({x^{m}_{1}},\ldots , {x^{m}_{n}},\hat {v}^{m})\) in \(U(\mathcal {F})\) such that \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). By Lemma 22, there exist events σ ₁₊₁, … , σ _m such that \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l}) {~}^{\underrightarrow {\sigma _{l+1}}} {\cdots } {~}^{\underrightarrow {\sigma _{m}}} ({x^{m}_{1}},\ldots ,{x^{m}_{n}},\hat {v}^{m})\) in \(U(\mathcal {E})\) and \(({x^{m}_{1}},\ldots ,{x^{m}_{n}}) \in Q^{\omega }_{1} \times \cdots \times Q^{\omega }_{n}\). As \(({x^{l}_{1}},\ldots ,{x^{l}_{n}},\hat {v}^{l})\) was chosen arbitrarily, it follows that \(U(\mathcal {E})\) is nonblocking, i.e., \(\mathcal {E}\) is nonblocking. □