

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSEIndian Institute of Technology Kanpur  
CS637 Embedded and Cyber-Physical Systems

Homework Assignment 3

Deadline: November 8, 2024

Total: 40 marks

**Problem 1.** (10 points)Consider the following state machine over the set of atomic propositions  $\{a, b\}$ :

Decide for each of the following LTL specifications whether the model satisfies it. For the positive outcome, provide a proof. For the negative outcome, provide a counterexample trace.

Note that the symbols  $\bigcirc$ ,  $\square$ ,  $\diamond$ , and  $\text{U}$  represent the “next”, “always”, “eventually”, and “until” temporal operators respectively.

- (a)  $\bigcirc \bigcirc \bigcirc a$
- (b)  $\square b$
- (c)  $\square \diamond a$
- (d)  $\square(b \text{U} a)$
- (e)  $\diamond(a \text{U} b)$

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSESol. 1

(a)  $\square \square a$  represents that after 3 "next", proposition 'a' should hold.

for the following sequences  $\{a\}$  is held.

$$S_1 \rightarrow S_2 \rightarrow S_3 \rightarrow S_1 ; S_1 \models a \}$$

$$S_2 \rightarrow S_3 \rightarrow S_1 \rightarrow S_2 ; S_2 \models a \}$$

$$S_3 \rightarrow S_2 \rightarrow S_1 \rightarrow S_3 ; S_3 \models a, b \}$$

$$S_4 \rightarrow S_2 \rightarrow S_3 \rightarrow S_1 ; S_3 \models a, b \}$$

$\therefore S_1, S_2, S_3$  are in a cycle  $\models$  at every state 'a' is satisfied

$\therefore$  The model ~~speci~~ satisfies LTL specifications.

(b)  $\square b$  represents that 'b' always hold for every state along every possible path.

$\therefore$  In  $S_1 \& S_2$  only 'a' is true

Counterexample  $S_4 \rightarrow S_2 \rightarrow S_3 \rightarrow S_1$ , 'b' doesn't always hold

$\therefore$  Model doesn't satisfy the LTL specifications.

(c)  $\square \diamond a$  represents 'a' should eventually hold at some point on every path & for every position in any infinite path.

$\therefore S_3$  contains 'a' & all paths ~~lead~~ lead to  $S_3$ . Path that starts from  $S_4$  terminates at  $S_1, S_2$  or  $S_3$  in which case also 'a' holds.

$\therefore$  Model satisfies the LTL specifications.

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSEIndian Institute of Technology Kanpur  
CS637 Embedded and Cyber-Physical Systems

Homework Assignment 3

Deadline: November 8, 2024

(d)  $\Box(b \vee a)$  represents that along every path, 'b' should hold until 'a' holds.

In  $s_2$ , 'b' is false but 'a' is true  
Even example:  $s_4 \rightarrow s_2$

$\therefore$  Model doesn't satisfy the LTL specifications

(e)  $\Diamond(a \vee b)$  represents at some point on every path 'a' will hold until 'b' eventually holds

for  $s_4 \rightarrow s_2 \rightarrow s_3$ , 'b' eventually holds after 'a'

for paths starting from  $s_3$ ,  $s_1, s_2, s_3$  are in cycle & for  $s_3$ , both 'a' & 'b' both hold.

$\therefore$  Model satisfies the LTL specifications

Name:

Mansi Sodhani

Roll No:  
e.g. 170001

210591

Dept.:  
e.g. CSE

CSE

**Indian Institute of Technology Kanpur  
CS637 Embedded and Cyber-Physical Systems****Homework Assignment 3***Deadline: November 8, 2024*

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

**Indian Institute of Technology Kanpur**  
**CS637 Embedded and Cyber-Physical Systems**  
**Homework Assignment 3**  
*Deadline: November 8, 2024*

---

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE**Problem 2.** (10 points)

Consider the two state machines in Figure 1 and answer the following questions:



Figure 1

- (a) Does the state machine  $M_1$  simulate the state machine  $M_2$ ? If yes, provide the simulation relation. If no, provide a transition of  $M_2$  that  $M_1$  cannot match.
- (b) Does the state machine  $M_2$  simulate the state machine  $M_1$ ? If yes, provide the simulation relation. If no, provide a transition of  $M_1$  that  $M_2$  cannot match.
- (c) Are the two state machines bisimilar? If yes, provide the bisimulation relation. If no, provide one reason.

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSEIndian Institute of Technology Kanpur  
CS637 Embedded and Cyber-Physical Systems

Homework Assignment 3

Deadline: November 8, 2024

Sol. 2 (a) Establishing type equivalence between  $M_1$  &  $M_2$ :

Let  $P_i$ : set of input parts of machine  $i$   
 $Q_i$ : set of output parts of machine  $i$

$v_p, v_q$ : type of input & output parts respectively with  $p \in P_1, q \in Q_1$

$v'_p, v'_q$ : type of input & output parts respectively with  $p \in P_2, q \in Q_2$

for type equivalence, required condition:

$$\textcircled{1} \quad P_2 = P_1 \quad \textcircled{2} \quad Q_1 = Q_2$$

$$\textcircled{3} \quad v_p = v'_p \quad \text{and } p \in P_2 \quad \textcircled{4} \quad v'_q = v_q \quad \text{and } q \in Q_1$$

Name: Mansi Sodhani

Roll No:  
e.g. 170001

210591

Dept.:  
e.g. CSE

CSE

We are given  $P_1 = P_2 = \{x\}$  -①;  $x$  is pure  
 $Q_1 = Q_2 = \{y_1, y_2, y_3, y_4\}$  -②  $y_i$  is pure  
 $\forall i \in \{1, 2, 3, 4\}$

$v_x = v_{x'} =$  Pure signal -③

let  $q \in Q_1$ ,  $v_q = v_q' =$  Pure signal -④

All 4 conditions are satisfied

$\therefore M_1$  &  $M_2$  are type equivalent

States<sub>1</sub> =  $\{s_0, s_1, s_2, s_3, s_4\}$

States<sub>2</sub> =  $\{t_0, t_1, t_2, t_3\}$

(a) Consider following:

$M_2 : t_0 \xrightarrow{x/y_1} t_1 \xrightarrow{x/y_3} t_3$

$M_1 : s_0 \xrightarrow{x/y_1} s_1 \xrightarrow{x} \text{can't match,}$   
 $\text{only output } y_1$   
 $\text{is possible}$

$\therefore M_1$  doesn't simulate  $M_2$ .

(b) Consider the simulation relation  $S_{12}$ .

$S_{12} = \{(s_0, t_0), (s_1, t_1), (s_2, t_1), (s_3, t_2), (s_4, t_3)\}$

$\Rightarrow S_{12} \subseteq \text{States}_1 \times \text{States}_2$

Proof :  $\rightarrow$  Initial Condition = (Initial condition<sub>1</sub>, Initial Condition<sub>2</sub>)  
 $= (s_0, t_0) \in S_{12}$

$\rightarrow$  To show that if  $(s_i, t_j) \in S_{12}$ ,  
 $x$  is present &  $(s_k, y_l) \in$  possible  
update<sub>1</sub>  $(s_i, a)$  then  $\exists (t_m, y_n) \in$   
possible update<sub>2</sub>  $(t_j, a)$

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

such that (a)  $(s_k', t_m') \in s_{12}$  &  
(b)  $y_1 = y_m$

Consider current state  $= (s_2, s_1) \in s_{12}$   
let  $x$  be present

Possible updates  $(s_2, x) = (s_4, y_3)$ .

Consider  $(t_3, y_3) \in$  Possible  
updates  $(t_1, x)$

Next,  $(s_4, t_3) \in s_{12}$  & output on both  
machines is  $y_3$ .

$\therefore$  All the conditions are satisfied, the above  
steps can be performed in all possible  
states. This proof holds true.

$\therefore M_2$  simulates  $M_1$ .

(c) As  $M_2$  simulates  $M_1$ , but inverse is  
not true ( $M_1$  doesn't simulate  $M_2$ )

$\therefore M_1$  &  $M_2$  aren't bisimilar.

~~Necessary but not sufficient condition~~  
for  $M_1$  &  $M_2$  to be bisimilar is  
that both  $M_1$  &  $M_2$  should simulate  
each other.

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

**Indian Institute of Technology Kanpur**  
**CS637 Embedded and Cyber-Physical Systems**  
**Homework Assignment 3**  
*Deadline: November 8, 2024*

---

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSEIndian Institute of Technology Kanpur  
CS637 Embedded and Cyber-Physical Systems

Homework Assignment 3

Deadline: November 8, 2024

**Problem 3.** (10 points)

Consider the processes  $P_1$  and  $P_2$  with the shared variables  $b_1$ ,  $b_2$ , and  $x$ . Variables  $b_1$  and  $b_2$  are Boolean variables, while variable  $x$  can take either the value 1 or 2. Initially, each process  $P_i$  is in the non-critical section (i.e.,  $P_i$  is in location  $\text{noncrit}_i$ ). The scheduling strategy for giving the processes access to the critical section is realized using  $x$  as follows. If both processes want to enter the critical section (i.e.,  $P_i$  is in location  $\text{wait}_i$ ), the value of variable  $x$  decides which of the two processes may enter its critical section: if  $x = i$ , then  $P_i$  may enter its critical section  $\text{crit}_i$  (for  $i = 1, 2$ ). On entering location  $\text{wait}_1$ , process  $P_1$  performs  $x := 2$ , thus giving privilege to process  $P_2$  to enter the critical section. The value of  $x$  thus indicates which process has its turn to enter the critical section. Symmetrically,  $P_2$  sets  $x$  to 1 when starting to wait. The variables  $b_i$  provide information about the current location of  $P_i$ . More precisely,  $b_i$  is set when  $P_i$  starts to wait, and is reset when the process exits the critical section. In pseudocode,  $P_1$  performs as follows (the code for process  $P_2$  is similar):

```

 $P_1 \quad \text{loop forever}$ 
  :
  ( $*\text{noncritical actions}*$ )
   $b_1 := \text{true}; x := 2$ 
  wait until  $(x = 1 \vee \neg b_2)$  ( $*\text{request}*$ )
  do critical section od
     $b_1 := \text{false}$  ( $*\text{release}*$ )
  :
  ( $*\text{noncritical actions}*$ )
end loop

```

- (a) Draw the state machines for  $P_1$  and  $P_2$ .
- (b) Show the state machine that is obtained by asynchronous composition of  $P_1$  and  $P_2$ .
- (c) How many total states are there in the composed state machine? How many of them are reachable?
- (d) Provide an LTL formula that captures the requirement that the process  $P_1$  and  $P_2$  will not enter the critical section simultaneously. Using the composed state machine, determine whether the two systems satisfy the formula (property).

Sol. 3 We are given processes  $P_1$  &  $P_2$  with shared variables  $b_1, b_2, x$ .  $P_1$  &  $P_2$  have similar structure.

There are 3 states for each crit, noncrit, request release wait

(a)

State Machine for

 $P_1$ : $P_2$ :

(b) for  $P_1$  &  $P_2$  to have synchronization, the composed system must have states with combination of individual states of  $P_1$  &  $P_2$

(noncrit<sub>1</sub>, noncrit<sub>2</sub>)  $\Rightarrow$  (Both are in non critical)

(wait<sub>1</sub>, noncrit<sub>2</sub>), (noncrit<sub>1</sub>, wait<sub>2</sub>), (crit<sub>1</sub>, noncrit<sub>2</sub>),

(noncrit<sub>1</sub>, crit<sub>2</sub>), (wait<sub>1</sub>, wait<sub>2</sub>), (wait<sub>1</sub>, crit<sub>2</sub>), (crit<sub>1</sub>, wait<sub>2</sub>)

(crit<sub>1</sub>, crit<sub>2</sub>)

(c) There are total 9 states in the composed system out of which 8 are reachable, (crit<sub>1</sub>, crit<sub>2</sub>) is not reachable



Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

(d) LTL formula ensuring  $P_1$  &  $P_2$  are never both in the critical section is

$\square \top (\text{crit}_1 \wedge \text{crit}_2)$  This formula implies that it's globally true that  $P_1$  &  $P_2$  are not in critical section simultaneously

Verification of mutual exclusion :  
from state machine

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

**Indian Institute of Technology Kanpur**  
**CS637 Embedded and Cyber-Physical Systems**  
**Homework Assignment 3**  
*Deadline: November 8, 2024*

---

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

**Indian Institute of Technology Kanpur**  
**CS637 Embedded and Cyber-Physical Systems**  
**Homework Assignment 3**  
*Deadline:* November 8, 2024

---

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE**Problem 4.** (10 points)

Consider the following program:

```
int count (int a, int b)
{
    int count;
    for (count = 0; count < 2; count++)
    {
        if (a > b)
            b = a + 1;
        else
            b = a - 1;
    }
    return b;
}
```

- (a) Draw a control flow graph for the program.
- (b) How many paths are there in the program? How many paths are feasible?
- (c) Assume the following:

- An assignment statement (for example, `count = 0`) requires 2 unit time for execution.
- A statement involving an arithmetic operation followed by an assignment (for example, `count ++, b = a + 1`) requires 6 unit time for execution.
- A comparison statement (for example, `count < 2`) requires 4 unit time for execution.

Compute a tight bound on the worst-case execution time for the program.

Name: Mansi Sodhani

Roll No:  
e.g. 170001

210591

Dept.:  
e.g. CSE

CSE

Sol. 4 (a) Control flow graph

(b) loop runs for 2 cycles i.e.  $count = 0, count = 1$   
 In each cycle there are 2 possible paths

$a \geq b$  : true or false  
 when  $count = 2$  loop terminates & function returns  
 Total no. of paths =  $2^2 = 4$



If  $a \geq b$ , after 1 cycle,  $b = a + 1$  i.e.  $b > a$   
 Hence in the next cycle  $a <= b$  is the  
 only possibility  $\Rightarrow$  Path 2 is feasible  
 while Path 1 is not feasible.

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSEIndian Institute of Technology Kanpur  
CS637 Embedded and Cyber-Physical Systems

Homework Assignment 3

Deadline: November 8, 2024

similarly if  $a \leq b$  then after 1 cycle  $b = a - 1$   
 i.e.  $a \geq b \therefore$  Path 3 is feasible but Path 4  
 is not feasible.  
 $\therefore$  Only 2 paths are feasible.

(C) time for  
 assignment statement = 2  
 arithmetic op & assignment = 6  
 comparison statement = 4

Worst case execution time  $T = \max \sum_{i=1}^N w_i x_i$

$w_i$ : time of execution

$x_i$ : no. of times block  $i$  is executed  
(when  $x_3$  is executed either  $x_4$  or  $x_5$  executed)

$x_1 = 1, x_6 = 1, x_2 = 3, x_3 = 2, x_4 + x_5 = x_3$   
 $w_1 = 2, w_2 = 4, w_3 = 4, w_4 = 6, w_5 = 6$   
 (assignment) (comparison) (comparison) arithmetic &  
 $w_6 = 0$  assignment

$$\begin{aligned} T &= w_1 x_1 + w_2 x_2 + w_3 x_3 + w_4 x_4 + w_5 x_5 + w_6 x_6 \\ &= 2 \times 1 + 4 \times 3 + 4 \times 2 + 6 \times 2 + 6 \times 1 + 0 \times 1 \\ &= 22 + 6(x_4 + x_5) = \underline{\underline{34 \text{ units}}} \end{aligned}$$

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

**Indian Institute of Technology Kanpur**  
**CS637 Embedded and Cyber-Physical Systems**  
**Homework Assignment 3**  
*Deadline: November 8, 2024*

---

Name: Mansi Sodhani

Roll No: 210591  
e.g. 170001Dept.: CSE  
e.g. CSE

**Indian Institute of Technology Kanpur**  
**CS637 Embedded and Cyber-Physical Systems**  
**Homework Assignment 3**  
*Deadline: November 8, 2024*

---