A theory of timed automata

A Theory of Timed AutomataRajeev Alur David L. Dill

Bettacchi AlessandroPaoletti Nicola

Timed Automata Talk – 24/03/2009Università di Camerino

1

A Theory of Timed Automata 2

• ω-languages• Transition tables• Büchi• Müller

A Theory of Timed Automata - ω-automata 3

Formal Languages vs ω-Language

Generic Formal Language ω-Language

• (Finite) alphabet Σ• A formal language L is a subset

of Σ*, the set of all the finite words over Σ.

• Represented by a (non)deterministic finite automaton

• (Finite) alphabet Σ• A ω- language L is a subset of

Σω, the set of all the infinite words over Σ.

• ω- automata provide a finite representation for such languages with infinite words

4A Theory of Timed Automata - ω-automata

Transition Table - DefinitionA transition table A is a tuple ⟨Σ , S, S0, E⟩, where

• Σ is an input alphabet• S is a finite set of automaton states• S0 ⊆ S is a set of start states

• E ⊆ S x S x Σ is a set of edges• If <s, s’, a> ∈ E, the automaton can change its state from s to s’

reading the input symbol a.Let σ= σ1σ2σ3 … be a word over Σ and s0 ∈ S0. A run r of A over σ is

defined as follows:r: s0 s1 s2 ….. where <si-1, si, σi> ∈ E, for each i>0.

For such a run, the set inf (r) consists of the states s ∈ S such that s = si for infinitely many i ≥ 0.

5

σ1 σ2

A Theory of Timed Automata - ω-automata

Deterministic Transition Table

A = ⟨Σ , S, S0, E⟩ is a deterministic transition table iff

• |S0| = 1 (a single start state)

• Provided s ∈ S and a ∈ Σ, |{ <s, s’, a> ∈ E}| = 1 (the current state and the next input symbol determine the next state uniquely)

A deterministic automaton has at most one run over a given word


Example of ω-automata:Büchi automata

• A Büchi automaton A is a transition table ⟨Σ , S, S0, E⟩, with an additional set F ⊆ S of accepting states.

• A run r of A over a word σ ∈ Σω is an accepting run iff inf (r) ∩ F ≠ ∅ . In other words, a run r is accepting iff some state from the set F repeats infinitely often along r.

• The language L(A) accepted by A consists of the words σ ∈ Σω such that A has an accepting run over σ.

• A ω-language is called ω-regular iff it is accepted by some Büchi automaton


Example of ω-automata:Müller automata

• A Müller automaton A is a transition table ⟨Σ , S, S0, E⟩, with an acceptance family F ⊆ 2S.

• A run r of A over a word σ ∈ Σω is an accepting run iff inf (r) ∈ F. That is, a run r is accepting iff the set of states repeating infinitely often along r equals some set in F .

• The language L(A) accepted by A consists of the words σ ∈ Σω such that A has an accepting run over σ.

• The class of languages accepted by Müller automata is the same as that accepted by Büchi automata, and also equals that accepted by deterministic Müller automata.


Müller automata - Example

• The deterministic Müller automaton below accepts all the infinite words over {a,b} with a finite number of b.

• The acceptance family is {{s1}}

• L(A) = (a+b)*aω


• Timed (Regular) Languages• Timed Transition Tables• TBA, TMA

10A Theory of Timed Automata – Timed Automata

Timed Languages

• A time sequence τ = τ1 τ2 … is an infinite sequence of time values τi ∈ R (i>0), satisfying the following constraints:

• Monotonicity: τi < τi+1 , for all i>0.

• Progress: For every t ∈ R, there is some i >0 such that τi > t.

• A timed word over an alphabet Σ is a pair (σ, τ) where σ = σ1 σ2… is an infinite word over Σ and τ is a time sequence.

• A timed language over Σ is a set of timed words over Σ. • If a timed word (σ, τ) is viewed as an input to an automaton, it

presents the symbol σi at time τI


Untime(L)

• For a timed language L over Σ, Untime(L) is the ω-language consisting of σ ∈ Σω such that (σ, τ) ∈ L for some time sequence τ.

• Example: Let be Σ={a,b} and L={(σ, τ) | ∀i, (τi > 5.6) → (σi = a)}; so defined, L contains all the timed words over Σ with no b after time 5.6. In this case, Untime(L) = (a+b)*aω


Timed Transition Table - Overview

• Extends the concept of transition table in order to read timed words• A timed transition table is associated with a finite set of (real-

valued) clocks.• A clock can be set to zero simultaneously with any transition. • At any instant, the reading of a clock equals the time elapsed since

the last time it was reset. • Each transition is associated to a clock constraint so that the

transition may be taken only if the current values of the clocks satisfy this constraint


Clock constraints and clock interpretations

• For a set X of clock variables, the set Φ(X) of clock constraints δ is defined inductively by: δ := x ≤ c | c ≤ x | ¬δ | δ1 ∧ δ2, where x ∈ X is a clock and c ∈ Q is a rational value.

• A clock interpretation v for a set X of clocks assigns a real value to each clock.

• For t ∈ R,• v + t denotes the clock interpretation which maps every clock x to the

value v(x) + t (at the same way, v⋅t → v(x)⋅t) • For Y ⊆ X, [Y |→t]v denotes the clock interpretation for X which

assigns t to each x ∈ Y , and agrees with v over the rest of the clocks.


Timed Transition Table - Formally

A timed transition table A is a tuple ⟨Σ, S, S0, C, E⟩ where:

• Σ is a finite alphabet• S is a finite set of states• S0 ⊆ S is a set of start states

• C is a finite set of clocks• E ⊆ S x S x Σ x 2C x Φ(C) gives the set of transitions. An edge <s,

s’, a, λ, δ> represents a transition from state s to state s’ on input symbol a. The set λ ⊆ C gives the clocks to be reset with this transition, and δ is a clock constraint over C.


Timed Transition Table - Run

• A run r, denoted by (s, v), of a timed transition table ⟨Σ, S, S0, C, E⟩ over a timed word (σ, τ) is an infinite sequence of the form:

r: ⟨s0, v0⟩ ⟨s1, v1⟩ ⟨s2, v2⟩……with si ∈ S and vi ∈ [C|→R], for all i ≥ 0, satisfying the following

requirements: • Initiation: s0 ∈ S0, and v0(x) = 0 for all x ∈ C.

• Consecution: for all i >0, there is an edge in E of the form <si-1, si, ai, λi, δi> such that (vi-1 + τi - τi-1) satisfies δi and vi

equals [λi |→0](vi-1 + τi - τi-1).

• The set inf(r) consists of those states s ∈ S such that s = si for infinitely many i ≥ 0.


σ1

τ1 σ2

τ2

Example

• The above timed transition table uses two clocks (x and y) and accept the language

L={((abcd)ω, τ) | ∀i (τ4i+3 < τ4i+1 + 1) ∧ (τ4i+4 > τ4i+2 + 2)}(from s1 to s3 the timevalue must be < 1 and from s2 to s0 must be > 2)

• Consider the timed word (a, 2)→(b, 2.7)→(c, 2.8)→(d, 5)→... The run over such word on this timed transition table is: ⟨s0, [0,0]⟩ → ⟨s1, [0,2]⟩ → ⟨s2, [0.7, 0]⟩ → ⟨s3, [0.8, 0.1]⟩ → ⟨s0 [3, 2.3]⟩ →...


a2

b2.7

c2.8

d5

TBA and Timed Regular Language

• A Timed Büchi Automaton (TBA) A is a timed transition table ⟨Σ, S, S0, C, E ⟩, with an additional set F ⊆ S of accepting states.

• A run r of A over a timed word (σ, τ) is an accepting run iff inf (r) ∩ F ≠ ∅ .

• The timed language L(A) accepted by A consists of the timed words (σ, τ) such that A has an accepting run over (σ, τ).

• A timed language L is a timed regular language iff L = L(A) for some TBA A


Timed Regular Languages - PropertiesCLOSURE PROPERTIES UNTIME PROPERTIES

The class of timed regular languages is closed under (finite) union and intersection.

Let L be a timed regular language. For every word σ, σ ∈ Untime(L) iff there exists atime sequence τ such that τi ∈ Q

for all i >0, and (σ, τ) ∈ L.

(Provided a timed automata A, Untime(L(A)) remains the same if requiring the time values in the time sequence to be rationals instead of reals)


Timed Müller Automata

• A Timed Müller Automaton (TMA) A is a timed transition table ⟨Σ, S, S0, C, E ⟩, with an acceptance family F ⊆ 2S.

• A run r of A over a timed word (σ, τ) is an accepting run iff inf (r) ∈ F.

• For A TMA, L(A)={(σ, τ) | A has an accepting run over (σ, τ)}

• A timed language is accepted by TBA iff it is accepted by some TMA(TBA and TMA has the same expressive power)

So,

• A timed language L is a timed regular language iff L = L(A) for some TMA A


• Clock Regions• Region Automaton• Complexity of checking emptiness

A Theory of Timed Automata – Checking Emptiness 21

Checking Emptiness

• In this part, we discuss a method to check the emptiness of a timed language

• Infinite accepting paths is a necessary condition for language non-emptiness

• But, time constraints play a crucial role

• It has been proved that, for checking emptiness, it’s possible to restrict time constraints to integer values

22A Theory of Timed Automata – Checking Emptiness

Clock Regions - Overview

• Extended States: For a timed transition table A = ⟨Σ, S, S0, C, E⟩, an extended state is a pair ⟨s,v⟩ where s ∈ S and v is a clock interpretation for C.

• Idea: The set of possible extended states for a timed transition table is infinite, but it can be partitioned into a finite collection of equivalence classes such that the runs starting from extended states in the same equivalence class are very similar.

• Some definitions: • For any t ∈ R, fract(t) denotes the fractional part of t, while t denotes the integral

part of t. (t=3.125 , fract(t) =0.125, t =3)• For each x ∈ C, cx is the largest integer c which is compared with the clock x

among all the time constraints appearing in E


How to partition? Some Observations• If two extended states with the same s ∈ S e agree on the integral

parts of all clock values, and also on the ordering of the fractional parts of all clock values, they should be in the same class. (The integral parts of the clock values are needed to determine whether or not a particular clock constraint is met, whereas the ordering of the fractional parts is needed to decide which clock will change its integral part first).

• For example, if two clocks x and y are between 0 and 1 in an extended state, then a transition with clock constraint (x = 1) can be followed by a transition with clock constraint (y = 1), iff (x < y).

• Moreover, the value of a clock x is irrelevant if it’s strictly greater than cx


Clock Regions - Definition

• Let A = ⟨Σ, S, S0, C, E⟩ be a timed transition table. A clock region for A is an equivalence class of clock interpretations induced by a relation ∼ ⊆ ([C|→R])2 such that v ∼ v’ iff the following conditions hold:

• For all x ∈ C, either v(x) and v’(x) are the same, or both v(x) and v’(x) are greater than cx.

• For all x, y ∈ C with v(x) ≤ cx and v(y) ≤ cy, fract (v(x)) ≤ fract (v(y)) iff fract (v’(x)) ≤ fract (v’(y))

• For all x∈ C with v(x) ≤ cx fract (v(x)) = 0 iff fract (v’(x)) = 0

Lemma: The number of clock regions is bounded by |C|! ⋅ 2|C| ⋅ Π x ∈ C (2cx +2)

Notation: [v] represents the clock region which v belongs to


Clock Regions - Example

• Consider a timed transition table A with two clocks x and y with cx = 2 and cy = 1. The clock regions are shown in the figure below.

• Note that there are only a finite number of regions (28). Also note that for a clock constraint δ of A, if v ∼ v’ then v satisfies δ iff v’ satisfies δ. So a clock region α satisfies a clock constraint δ iffevery v ∈ α satisfies δ. Each region can be represented by specifying


The region automaton

• Provided a Timed Transition Table A, the Region Automaton of A, denoted by R(A), is a transition table such that:▫ Each state of R(A) is described by a state of A and a clock region, with

the interpretation that if ⟨s, v⟩ is an extended state of A, the state of R(A) is ⟨s, [v]⟩.

▫ R(A) starts of the form ⟨s0, [v0]⟩ where s0 is a start state of A and v0 assigns the time value 0 to all the clocks.

▫ R(A) has an edge from ⟨s, α⟩ to ⟨s’, α’⟩ labelled with a iff A from state s can make a transition on a to the extended state ⟨s, v’⟩ for some v’ in α’.

• Def: A clock region α’ is a time-successor of a clock region α iff for each v ∈ α, there exists t ∈ R+ such that v + t ∈ α’ .


The region automaton – Formally

• Let A = ⟨Σ, S, S0, C, E⟩ be a timed transition table; R(A) is a transition table such that:▫ The states of R(A) are in the form ⟨s, α⟩ where s ∈ S and α is a clock

region.▫ The initial states are in the form ⟨s0, [vo]⟩ where s0 ∈ S0 and v0(x) = 0 for

each x ∈ C. ▫ R(A) has an edge ⟨⟨s, α⟩, ⟨s’, α’⟩, a⟩ iff there is an edge ⟨s, s’, a, λ, δ⟩ ∈ E

and a region α’’ such that:e α’’ is a time successor of αs α’’ satisfies δs α’ = [λ |→0] α’’


The region automaton – Run - 1

• Def: For a run r = (s, v) of the form: r: ⟨s0, v0⟩ ⟨s1, v1⟩ … it’s possible to define its projection [r] = (s, [v]) as the sequence: [r]: ⟨s0, [v0]⟩ ⟨s1, [v1]⟩ …

• So defined [r] is a run of R(A) over σ.

• Since time progresses without bound long r for every clock x ∈ C, it holds that:• Either x is reset infinitely often (x=0)• Or from a certain time, it increases without bound (x>cx)


σ1

τ1 σ2

τ2

σ1σ2

The region automaton – Run - 2

• Def: A run r = (s, α) of R(A) of the form: r: ⟨s0, α0⟩ ⟨s1, α 1⟩ … is progressive iff for each clock x ∈ C, there are infinitely many i ≥ 0 such that αi satisfies [(x= 0) ∨ (x>cx)].

• Thus for a run r of A over (σ, τ), [r] is a progressive run of R(A) over σ.

• Lemma: If r is a progressive run of R(A) over σ, then there exists a time sequence τ and a run r’ of A over (σ, τ) such that r equals [r’].


σ1σ2

Progressive run – Example - 1


Consider the timed automaton A0 in the figure and the corresponding region automaton R(A0).• Σ = {a, b, c, d}• cx=1 and cy=1• Every state is an accepting state

•Every run of R(A0) has a suffix among these forms:•A0 cycles between ⟨S1, [0=y<x<1] ⟩ and ⟨S3, [0<y<x<1] ⟩•A0 stays in ⟨S3, [0<y<1<x] ⟩ with the self-loop•A0 stays in ⟨S3, [x>1, y>1] ⟩ with the self-loop

Progressive run – Example - 2

• It’s clear to see that only the third case represents a progressive run because

• y is reset infinitely often, but x is not; moreover x is never greater than cx. NO PROGRESSIVE

• x is unbounded, but y is not; moreover y is reset finitely often. NO PROGRESSIVE

• Both x and y are unbounded (greater than cx and cy respectively). PROGRESSIVE!


The Untiming Construction

• Theorem 1: Given a TBA A = ⟨Σ, S, S0, C, E, F⟩, there exists a Büchi Automaton over Σ, accepting Untime[L(A)]. (This theorem also holds for TMAs and Müller automata)

• The proof is based on the concept that for a timed automaton A, its region automaton can be used to recognize Untime[L(A)].

• Theorem 2: Given a TBA A = ⟨Σ, S, S0, C, E, F⟩, the emptiness of L(A) can be checked in time O((|S|+|E|)⋅2|δ(A)|).

• Theorem 2 is proved building a Büchi Automaton A’ =⟨Σ, S’, S0’, E, F ⟩ as described in Theorem 1 and showing that the time need to check L(A) emptiness is linear to |S’|+|E’|


Untiming – Example


Consider A0 and R(A0) of the previous example. We know that the only progressive run of R(A0) is the one which stays infinitely often in the state ⟨S3, [x>1, y>1] ⟩.

So R(A0) can be changed to a Büchi automaton (accepting Untime[L(A0)] as the previous theorem states) choosing the accepting set F={⟨S3, [x>1, y>1] ⟩}.

Consequently:Untime[L(A 0)] = L[R(A 0)]=(ac) +d ω

Checking Emptiness – Computational Complexity - 1• The problem of deciding the emptiness of the language

of a given timed automaton A, is PSPACE-complete.

• Proof:4. Emptiness ∈ PSPACE:

Since the number of states of the region automaton is exponential in the number of clocks of A, we cannot construct the entire transition table. But it is possible to (nondeterministically) check for nonemptiness of the region automaton by building a path of the desired form using only polynomial space.


Checking Emptiness – Computational Complexity - 2• Proof:2. Emptiness is PSPACE-hard:

Since the number of states of the region automaton is exponential in the number of clocks of A, we cannot construct the entire transition table. But it is possible to (nondeterministically) check for nonemptiness of the region automaton by building a path of the desired form using only polynomial space.


Documents

A theory of timed automata