In this AFP entry, we provide a formalisation of extended finite state machines (EFSMs) where models are represented as finite sets of transitions between states. EFSMs execute traces to produce observable outputs. We also define various simulation and equality metrics for EFSMs in terms of traces and prove their strengths in relation to each other. Another key contribution is a framework of function definitions such that LTL properties can be phrased over EFSMs. Finally, we provide a simple example case study in the form of a drinks machine.
\begin{quote}
\bigskip
\noindent{\textbf{Keywords:} Extended Finite State Machines, Automata, Linear Temporal Logic}
\end{quote}
\end{abstract}
\tableofcontents
\cleardoublepage
\chapter{Introduction}
This AFP entry formalises extended finite state machines (EFSMs) as defined in \cite{foster2018}. Here, models maintain both a \emph{control flow state} and a \emph{data state}, which takes the form of a set of \emph{registers} to which values may be assigned. Transitions may take additional input parameters, and may impose guard conditions on the values of both inputs and registers. Additionally, transitions may produce observable outputs and update the data state by evaluating arithmetic functions over inputs and registers.
As defined in \cite{foster2018}, an EFSM is a tuple, $(S, s_0, T)$ where
\begin{where}
\item [$S$] is a finite non-empty set of states.
\item [$s_0\in S$]is the initial state.
\item [$T$] is the transition matrix $T:(S \times S)\to\mathcal{P}(L \times\mathbb{N}\times G \times F \times U)$ with rows representing origin states and columns representing destination states.
\end{where}
In $T$
\begin{where}
\item [$L$] is a finite set of transition labels
\item [$\mathbb{N}$] gives the transition \emph{arity} (the number of input parameters), which may be zero.
\item [$G$] is a finite set of Boolean guard functions $G:(I \times R)\to\mathbb{B}$.
\item [$F$] is a finite set of \emph{output functions}$F:(I \times R)\to O$.
\item [$U$] is a finite set of \emph{update functions}$U:(I \times R)\to R$.
\end{where}
In $G$, $F$, and $U$
\begin{where}
\item [$I$] is a list $[i_0, i_1, \ldots, i_{m-1}]$ of values representing the inputs of a transition, which is empty if the arity is zero.
\item [$R$] is a mapping from variables $[r_0, r_1, \ldots]$, representing each register of the machine, to their values.
\item [$O$] is a list $[o_0, o_1, \ldots, o_{n-1}]$ of values, which may be empty, representing the outputs of a transition.
\end{where}
EFSM transitions have five components: label, arity, guards, outputs, and updates. Transition labels are strings, and the arities natural numbers. Guards have a defined type of \emph{guard expression} (\texttt{gexp}) and the outputs and updates are defined using \emph{arithmetic expressions} (\texttt{aexp}). Outputs are simply a list of expressions to be evaluated. Updates are a list of pairs with the first element being the index of the register to be updated, and the second element being an arithmetic expression to be evaluated.
