Effective Definability of the Reachability Relation in Timed Automata
Martin Fr\"anzle, Karin Quaas, Mahsa Shirmohammadi, James Worrell

TL;DR
This paper presents a new proof demonstrating that the reachability relation in timed automata can be defined using linear arithmetic, simplifying understanding and analysis of such systems.
Contribution
The paper provides a novel proof of the definability of the reachability relation in timed automata within linear arithmetic, building on prior work.
Findings
Reachability relation is definable in linear arithmetic
New proof simplifies previous understanding
Supports automated analysis of timed automata
Abstract
We give a new proof of the result of Comon and Jurski that the binary reachability relation of a timed automaton is definable in linear arithmetic.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Effective Definability of the Reachability Relation in Timed
Automata
Martin Fränzle
University Of Oldenburg
Karin Quaas
Universität Leipzig
Mahsa Shirmohammadi
CNRS & IRIF
James Worrell
University of Oxford
Abstract
We give a new proof of the result of Comon and Jurski that the binary reachability relation of a timed automaton is definable in linear arithmetic.
1 Introduction
Comon and Jurski [6, 7] showed that the binary reachability relation of a given timed automaton is effectively definable by a first-order formula of linear arithmetic over the reals augmented with a unary predicate denoting the integers. The proof of this result, given in [7], is based on a syntactic transformation of arbitrary timed automata into equivalent timed automata satisfying a certain structural restriction, called flatness. The proof is relatively long and technical (running to over 40 pages) and there have been a number of subsequent attempts to both generalise the result and simplify its proof [5, 8, 9, 10]. The present note is a development of [10, Sections III and IV] and further simplifies the proof of Comon and Jurski’s result therein. In particular, we avoid many technicalities of [10] by employing a simple “clock memorisation” trick to reduce computation of the binary reachability relation of a timed automaton to computation of the set of configurations reachable from a given location starting with the all-zeros clock valuation. We show how to recover the latter set of configurations as the commutative image of a certain regular language accepted by a variant of Alur and Dill’s region automaton (cf. [1]).
2 Definitions and Main Result
Given a set of clocks, the set of clock constraints is generated by the grammar
[TABLE]
where and . A clock valuation is a mapping , where is the set of non-negative real numbers. Denote by the set of all clock valuations. We write to denote that satisfies the constraint . We denote by the valuation such that for all . Given , we let be the clock valuation such that for all clocks . Given , let be the clock valuation such that if , and if .
A 1-bounded zone is a set of clock valuations that is defined by a conjunction of difference constraints and , where , , . We write for the set of 1-bounded zones. Given a 1-bounded zone and , the following are also 1-bounded zones (see, e.g., [4]):
[TABLE]
A timed automaton is a tuple , where is a finite set of locations, is a finite set of clocks, and is the set of edges. A configuration of is a pair consisting of a location and a clock valuation . Such a timed automaton induces a ternary transition relation
[TABLE]
on the set of configurations as follows. Given configurations and , we postulate:
- •
a delay transition for some , if and ;
- •
a discrete transition , if there is an edge of such that and .
A run of is a finite sequence of delay and discrete transitions.
Let denote the set of first-order formulas over the structure , where is the universe and is a unary predicate denoting the set of integers. We call the language of mixed linear arithmetic. This language subsumes both Presburger arithmetic (linear arithmetic over ) and linear arithmetic over . It is shown in [3, Section 3] how to rewrite a given -sentence in polynomial time into an equivalent Boolean formula whose atoms are either sentences of real linear arithmetic or sentences of Presburger arithmetic. From known complexity bounds for the latter two theories [2], it follows that deciding the truth of -sentences can be carried out by an alternating Turing machine running in time with alternations (i.e., the same complexity as Presburger arithmetic).
The main contribution of the present paper is to prove the following result.
Theorem 1**.**
Given a timed automaton with clock variables and locations of , we can compute an -formula such that there is a run of from configuration to configuration iff .
3 Proofs
3.1 Clock Memorisation
We describe a simple trick that reduces the problem of computing the binary reachability relation on a given timed automaton to that of computing the set of configurations reachable from a fixed initial configuration in a derived automaton . The idea is that starts from the zero clock valuation, guesses an initial clock valuation of , and then simulates a computation of while “remembering” as a set of differences between the values of some fresh clocks. Formally we derive Theorem 1 from the following result, which we prove later on.
Proposition 2**.**
Given a timed automaton with clocks and locations of , we can compute an -formula such that there is a run in from to if and only if .
Proof of Theorem 1.
Given a timed automaton with a distinguished location , we define a new timed automaton as follows. The set of locations is , where is a distinguished location in . The set of clocks is , where , that is, has two copies of each clock of plus an extra “reference clock” . We obtain by adding the following edges to : for each we have an edge in (that is, a selfloop on that resets both copies of clock ); we also have a single additional edge in . Notice that once leaves then neither the reference clock nor any clock in the set is reset—intuitively when exits , the value of clock is stored in the difference of and .
Observe that for all there is a run from to in if and only if there is a run in from to such that and for all . In particular, a run of from to can be simulated in as follows. Automaton starts in configuration ; by taking selfloops on and then the edge , may reach a configuration such that for all , and ; then directly simulates the given run of (without resetting the new clocks , , and ).
Let be the formula obtained in Proposition 2 for automaton . Then we define
[TABLE]
∎
3.2 A Discrete-Time Automaton
Given a timed automaton , we define an (untimed, infinite-state) nondeterministic automaton . The set of states of is
[TABLE]
Given a state , intuitively and respectively encode the integer and fractional parts of the clocks of , while is a “prophecy variable” denoting the set of clocks that will be reset at least once in the future. The alphabet of is and the set of transitions (which includes -transitions) is as follows:
For each state there is a delay transition . 2. 2.
For each clock and state of there is a wrapping transition where , , and if but otherwise . (Intuitively a wrapping transition for clock has label if since will be reset again in the future.) 3. 3.
Each edge of yields a transition of , where , , and . (Intuitively, is obtained from by guessing some clocks that will not be reset again and removing them from .)
Given states , we write if there is a run in from to on word . We furthermore write if there exists a run from to .
Proposition 3**.**
Automaton has a run from to along which the set of clocks that are reset is if and only if has a run from to for some and such that .
Proof.
For the “if” direction, suppose that
[TABLE]
is a run of with , , and . Given any valuation , we construct a sequence of valuations such that has a run
[TABLE]
The construction of is by backward induction on . The base step, valuation , is given. The induction step divides into three cases according to the type of the transition
[TABLE]
- •
Delay transition. We have , , and . Thus we can pick such that for some . Hence there is in a delay transition
[TABLE]
- •
Wrapping transition. We have for some clock . Thus we can pick such that . In this case we have
[TABLE]
- •
Discrete transition. Let the corresponding edge of be . Then we have and . Choose such that and . Then there is in a discrete transition
[TABLE]
We now turn to the “only-if” direction of the proof. Suppose that we have a run
[TABLE]
of , where . We first transform such a run, while keeping the same initial and final configurations, by decomposing each delay step into a sequence of shorter delays, so that for all and all the open interval contains no integer. In other words, we break every delay step at every point at which some clock crosses an integer boundary. We thus obtain a corresponding run of that starts from state , where , , and ends in state such that .
We build such a run of by forward induction. In particular, we construct a sequence of intermediate states , , such that for each such . Each discrete transition of is simulated by a discrete transition of . A delay transition of that ends with set of clocks being integer valued is simulated by a delay transition of , followed by wrapping transitions for all . ∎
Proposition 4**.**
Let be a timed automaton with distinguished locations . For every and the set
[TABLE]
is effectively semilinear.
Proof.
Consider the following language of “wrapping transitions” in :
[TABLE]
Define the function such that is the number of occurrences of letter in word . Since visible transitions of correspond to wrapping transitions of clocks that will not be reset any more, the commutative image is precisely the set of vectors defined in (1).
We claim that is regular, which suffices to show that the set (1) is semilinear. Indeed, denote by the largest constant appearing in a transition constraint in , and consider the equivalence relation on states of defined by iff for all either or . Clearly if then for all and clock constraints appearing in we have that iff . It follows that is a strong bisimulation (that moreover has finite index). Taking the quotient of by it follows that is accepted by a finite automaton and hence is regular. ∎
Proof of Proposition 2.
By Proposition 3 we have that
[TABLE]
But by Proposition 4 the right-hand expression above is definable by an -formula in the sense of Proposition 2. ∎
4 Computational Complexity
In this section we briefly retrace the proof of Theorem 1 in order to give a complexity bound for computing the -formula described therein. We sketch a proof that is an existential formula that can be computed in time polynomial in the number of locations of the timed automaton and exponential in the number of clocks and bit length of the maximum clock constant.
Working backwards, we start by considering the regular language in the proof of Proposition 4. From the bound it is straightforward that there is a finite automaton accepting language with number of states bounded by (where and are as in the statement of Proposition 4) and moreover this automaton can be computed in time polynomial in its size.
Lin [11] shows that the Parikh image of the language of an NFA with states and alphabet size is described by a quantifier-free formula of Presburger arithmetic that can be computed in time . We may thus refine the statement of Proposition 4 by specifying that the subset of in Equation (1) is described by a quantifier-free formula of Presburger arithmetic that can be computed in time bounded by .
Moving now to the proof of Proposition 2, we see that the formula can likewise be computed in time bounded by . Constructing formula from the Presburger-arithmetic formula referred to in Proposition 4 requires to introduce existentially quantified variables to denote the fractional parts of the clock values of the source and target configurations; but is otherwise quantifier-free.
Finally, recall that the formula in Theorem 1 was obtained from the formula in Proposition 2 with only a polynomial blow up that introduced extra existentially quantified variables.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] R. Alur and D. L. Dill. A theory of timed automata. Theor. Comput. Sci. , 126(2):183–235, 1994.
- 2[2] L. Berman. The complexitiy of logical theories. Theor. Comput. Sci. , 11:71–77, 1980.
- 3[3] B. Boigelot, S. Jodogne, and P. Wolper. An effective decision procedure for linear arithmetic over the integers and reals. ACM Trans. Comput. Log. , 6(3):614–633, 2005.
- 4[4] P. Bouyer. Untameable timed automata! In Proceedings of STACS’03 , volume 2607 of LNCS , pages 620–631. Springer, 2003.
- 5[5] L. Clemente and S. Lasota. Binary reachability of timed pushdown automata via quantifier elimination and cyclic order atoms. volume 107 of LIP Ics , pages 118:1–118:14. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, 2018.
- 6[6] H. Comon and Y. Jurski. Timed automata and the theory of real numbers. In Proceedings of CONCUR’99 , volume 1664 of LNCS , pages 242–257. Springer, 1999.
- 7[7] H. Comon and Y. Jurski. Timed automata and the theory of real numbers. Technical Report LSV-99-6, LSV, ENS Cachan, July 1999.
- 8[8] Z. Dang. Pushdown timed automata: a binary reachability characterization and safety verification. Theor. Comput. Sci. , 302(1-3):93–121, 2003.
