A theory of timed automata* - Chennai Mathematical Institute
A theory of timed automata
Transcript of A theory of timed automata
A Theory of Timed AutomataRajeev Alur David L. Dill
Bettacchi AlessandroPaoletti Nicola
Timed Automata Talk – 24/03/2009Università di Camerino
1
A Theory of Timed Automata 2
• ω-languages• Transition tables• Büchi• Müller
A Theory of Timed Automata - ω-automata 3
Formal Languages vs ω-Language
Generic Formal Language ω-Language
• (Finite) alphabet Σ• A formal language L is a subset
of Σ*, the set of all the finite words over Σ.
• Represented by a (non)deterministic finite automaton
• (Finite) alphabet Σ• A ω- language L is a subset of
Σω, the set of all the infinite words over Σ.
• ω- automata provide a finite representation for such languages with infinite words
4A Theory of Timed Automata - ω-automata
Transition Table - DefinitionA transition table A is a tuple ⟨Σ , S, S0, E⟩, where
• Σ is an input alphabet• S is a finite set of automaton states• S0 ⊆ S is a set of start states
• E ⊆ S x S x Σ is a set of edges• If <s, s’, a> ∈ E, the automaton can change its state from s to s’
reading the input symbol a.Let σ= σ1σ2σ3 … be a word over Σ and s0 ∈ S0. A run r of A over σ is
defined as follows:r: s0 s1 s2 ….. where <si-1, si, σi> ∈ E, for each i>0.
For such a run, the set inf (r) consists of the states s ∈ S such that s = si for infinitely many i ≥ 0.
5
σ1 σ2
A Theory of Timed Automata - ω-automata
Deterministic Transition Table
A = ⟨Σ , S, S0, E⟩ is a deterministic transition table iff
• |S0| = 1 (a single start state)
• Provided s ∈ S and a ∈ Σ, |{ <s, s’, a> ∈ E}| = 1 (the current state and the next input symbol determine the next state uniquely)
A deterministic automaton has at most one run over a given word
6A Theory of Timed Automata - ω-automata
Example of ω-automata:Büchi automata
• A Büchi automaton A is a transition table ⟨Σ , S, S0, E⟩, with an additional set F ⊆ S of accepting states.
• A run r of A over a word σ ∈ Σω is an accepting run iff inf (r) ∩ F ≠ ∅ . In other words, a run r is accepting iff some state from the set F repeats infinitely often along r.
• The language L(A) accepted by A consists of the words σ ∈ Σω such that A has an accepting run over σ.
• A ω-language is called ω-regular iff it is accepted by some Büchi automaton
7A Theory of Timed Automata - ω-automata
Example of ω-automata:Müller automata
• A Müller automaton A is a transition table ⟨Σ , S, S0, E⟩, with an acceptance family F ⊆ 2S.
• A run r of A over a word σ ∈ Σω is an accepting run iff inf (r) ∈ F. That is, a run r is accepting iff the set of states repeating infinitely often along r equals some set in F .
• The language L(A) accepted by A consists of the words σ ∈ Σω such that A has an accepting run over σ.
• The class of languages accepted by Müller automata is the same as that accepted by Büchi automata, and also equals that accepted by deterministic Müller automata.
8A Theory of Timed Automata - ω-automata
Müller automata - Example
• The deterministic Müller automaton below accepts all the infinite words over {a,b} with a finite number of b.
• The acceptance family is {{s1}}
• L(A) = (a+b)*aω
9A Theory of Timed Automata - ω-automata
• Timed (Regular) Languages• Timed Transition Tables• TBA, TMA
10A Theory of Timed Automata – Timed Automata
Timed Languages
• A time sequence τ = τ1 τ2 … is an infinite sequence of time values τi ∈ R (i>0), satisfying the following constraints:
• Monotonicity: τi < τi+1 , for all i>0.
• Progress: For every t ∈ R, there is some i >0 such that τi > t.
• A timed word over an alphabet Σ is a pair (σ, τ) where σ = σ1 σ2… is an infinite word over Σ and τ is a time sequence.
• A timed language over Σ is a set of timed words over Σ. • If a timed word (σ, τ) is viewed as an input to an automaton, it
presents the symbol σi at time τI
11A Theory of Timed Automata – Timed Automata
Untime(L)
• For a timed language L over Σ, Untime(L) is the ω-language consisting of σ ∈ Σω such that (σ, τ) ∈ L for some time sequence τ.
• Example: Let be Σ={a,b} and L={(σ, τ) | ∀i, (τi > 5.6) → (σi = a)}; so defined, L contains all the timed words over Σ with no b after time 5.6. In this case, Untime(L) = (a+b)*aω
12A Theory of Timed Automata – Timed Automata
Timed Transition Table - Overview
• Extends the concept of transition table in order to read timed words• A timed transition table is associated with a finite set of (real-
valued) clocks.• A clock can be set to zero simultaneously with any transition. • At any instant, the reading of a clock equals the time elapsed since
the last time it was reset. • Each transition is associated to a clock constraint so that the
transition may be taken only if the current values of the clocks satisfy this constraint
13A Theory of Timed Automata – Timed Automata
Clock constraints and clock interpretations
• For a set X of clock variables, the set Φ(X) of clock constraints δ is defined inductively by: δ := x ≤ c | c ≤ x | ¬δ | δ1 ∧ δ2, where x ∈ X is a clock and c ∈ Q is a rational value.
• A clock interpretation v for a set X of clocks assigns a real value to each clock.
• For t ∈ R,• v + t denotes the clock interpretation which maps every clock x to the
value v(x) + t (at the same way, v⋅t → v(x)⋅t) • For Y ⊆ X, [Y |→t]v denotes the clock interpretation for X which
assigns t to each x ∈ Y , and agrees with v over the rest of the clocks.
14A Theory of Timed Automata – Timed Automata
Timed Transition Table - Formally
A timed transition table A is a tuple ⟨Σ, S, S0, C, E⟩ where:
• Σ is a finite alphabet• S is a finite set of states• S0 ⊆ S is a set of start states
• C is a finite set of clocks• E ⊆ S x S x Σ x 2C x Φ(C) gives the set of transitions. An edge <s,
s’, a, λ, δ> represents a transition from state s to state s’ on input symbol a. The set λ ⊆ C gives the clocks to be reset with this transition, and δ is a clock constraint over C.
15A Theory of Timed Automata – Timed Automata
Timed Transition Table - Run
• A run r, denoted by (s, v), of a timed transition table ⟨Σ, S, S0, C, E⟩ over a timed word (σ, τ) is an infinite sequence of the form:
r: ⟨s0, v0⟩ ⟨s1, v1⟩ ⟨s2, v2⟩……with si ∈ S and vi ∈ [C|→R], for all i ≥ 0, satisfying the following
requirements: • Initiation: s0 ∈ S0, and v0(x) = 0 for all x ∈ C.
• Consecution: for all i >0, there is an edge in E of the form <si-1, si, ai, λi, δi> such that (vi-1 + τi - τi-1) satisfies δi and vi
equals [λi |→0](vi-1 + τi - τi-1).
• The set inf(r) consists of those states s ∈ S such that s = si for infinitely many i ≥ 0.
16A Theory of Timed Automata – Timed Automata
σ1
τ1 σ2
τ2
Example
• The above timed transition table uses two clocks (x and y) and accept the language
L={((abcd)ω, τ) | ∀i (τ4i+3 < τ4i+1 + 1) ∧ (τ4i+4 > τ4i+2 + 2)}(from s1 to s3 the timevalue must be < 1 and from s2 to s0 must be > 2)
• Consider the timed word (a, 2)→(b, 2.7)→(c, 2.8)→(d, 5)→... The run over such word on this timed transition table is: ⟨s0, [0,0]⟩ → ⟨s1, [0,2]⟩ → ⟨s2, [0.7, 0]⟩ → ⟨s3, [0.8, 0.1]⟩ → ⟨s0 [3, 2.3]⟩ →...
17A Theory of Timed Automata – Timed Automata
a2
b2.7
c2.8
d5
TBA and Timed Regular Language
• A Timed Büchi Automaton (TBA) A is a timed transition table ⟨Σ, S, S0, C, E ⟩, with an additional set F ⊆ S of accepting states.
• A run r of A over a timed word (σ, τ) is an accepting run iff inf (r) ∩ F ≠ ∅ .
• The timed language L(A) accepted by A consists of the timed words (σ, τ) such that A has an accepting run over (σ, τ).
• A timed language L is a timed regular language iff L = L(A) for some TBA A
18A Theory of Timed Automata – Timed Automata
Timed Regular Languages - PropertiesCLOSURE PROPERTIES UNTIME PROPERTIES
The class of timed regular languages is closed under (finite) union and intersection.
Let L be a timed regular language. For every word σ, σ ∈ Untime(L) iff there exists atime sequence τ such that τi ∈ Q
for all i >0, and (σ, τ) ∈ L.
(Provided a timed automata A, Untime(L(A)) remains the same if requiring the time values in the time sequence to be rationals instead of reals)
19A Theory of Timed Automata – Timed Automata
Timed Müller Automata
• A Timed Müller Automaton (TMA) A is a timed transition table ⟨Σ, S, S0, C, E ⟩, with an acceptance family F ⊆ 2S.
• A run r of A over a timed word (σ, τ) is an accepting run iff inf (r) ∈ F.
• For A TMA, L(A)={(σ, τ) | A has an accepting run over (σ, τ)}
• A timed language is accepted by TBA iff it is accepted by some TMA(TBA and TMA has the same expressive power)
So,
• A timed language L is a timed regular language iff L = L(A) for some TMA A
20A Theory of Timed Automata – Timed Automata
• Clock Regions• Region Automaton• Complexity of checking emptiness
A Theory of Timed Automata – Checking Emptiness 21
Checking Emptiness
• In this part, we discuss a method to check the emptiness of a timed language
• Infinite accepting paths is a necessary condition for language non-emptiness
• But, time constraints play a crucial role
• It has been proved that, for checking emptiness, it’s possible to restrict time constraints to integer values
22A Theory of Timed Automata – Checking Emptiness
Clock Regions - Overview
• Extended States: For a timed transition table A = ⟨Σ, S, S0, C, E⟩, an extended state is a pair ⟨s,v⟩ where s ∈ S and v is a clock interpretation for C.
• Idea: The set of possible extended states for a timed transition table is infinite, but it can be partitioned into a finite collection of equivalence classes such that the runs starting from extended states in the same equivalence class are very similar.
• Some definitions: • For any t ∈ R, fract(t) denotes the fractional part of t, while t denotes the integral
part of t. (t=3.125 , fract(t) =0.125, t =3)• For each x ∈ C, cx is the largest integer c which is compared with the clock x
among all the time constraints appearing in E
23A Theory of Timed Automata – Checking Emptiness
How to partition? Some Observations• If two extended states with the same s ∈ S e agree on the integral
parts of all clock values, and also on the ordering of the fractional parts of all clock values, they should be in the same class. (The integral parts of the clock values are needed to determine whether or not a particular clock constraint is met, whereas the ordering of the fractional parts is needed to decide which clock will change its integral part first).
• For example, if two clocks x and y are between 0 and 1 in an extended state, then a transition with clock constraint (x = 1) can be followed by a transition with clock constraint (y = 1), iff (x < y).
• Moreover, the value of a clock x is irrelevant if it’s strictly greater than cx
24A Theory of Timed Automata – Checking Emptiness
Clock Regions - Definition
• Let A = ⟨Σ, S, S0, C, E⟩ be a timed transition table. A clock region for A is an equivalence class of clock interpretations induced by a relation ∼ ⊆ ([C|→R])2 such that v ∼ v’ iff the following conditions hold:
• For all x ∈ C, either v(x) and v’(x) are the same, or both v(x) and v’(x) are greater than cx.
• For all x, y ∈ C with v(x) ≤ cx and v(y) ≤ cy, fract (v(x)) ≤ fract (v(y)) iff fract (v’(x)) ≤ fract (v’(y))
• For all x∈ C with v(x) ≤ cx fract (v(x)) = 0 iff fract (v’(x)) = 0
Lemma: The number of clock regions is bounded by |C|! ⋅ 2|C| ⋅ Π x ∈ C (2cx +2)
Notation: [v] represents the clock region which v belongs to
25A Theory of Timed Automata – Checking Emptiness
Clock Regions - Example
• Consider a timed transition table A with two clocks x and y with cx = 2 and cy = 1. The clock regions are shown in the figure below.
• Note that there are only a finite number of regions (28). Also note that for a clock constraint δ of A, if v ∼ v’ then v satisfies δ iff v’ satisfies δ. So a clock region α satisfies a clock constraint δ iffevery v ∈ α satisfies δ. Each region can be represented by specifying
26A Theory of Timed Automata – Checking Emptiness
The region automaton
• Provided a Timed Transition Table A, the Region Automaton of A, denoted by R(A), is a transition table such that:▫ Each state of R(A) is described by a state of A and a clock region, with
the interpretation that if ⟨s, v⟩ is an extended state of A, the state of R(A) is ⟨s, [v]⟩.
▫ R(A) starts of the form ⟨s0, [v0]⟩ where s0 is a start state of A and v0 assigns the time value 0 to all the clocks.
▫ R(A) has an edge from ⟨s, α⟩ to ⟨s’, α’⟩ labelled with a iff A from state s can make a transition on a to the extended state ⟨s, v’⟩ for some v’ in α’.
• Def: A clock region α’ is a time-successor of a clock region α iff for each v ∈ α, there exists t ∈ R+ such that v + t ∈ α’ .
27A Theory of Timed Automata – Checking Emptiness
The region automaton – Formally
• Let A = ⟨Σ, S, S0, C, E⟩ be a timed transition table; R(A) is a transition table such that:▫ The states of R(A) are in the form ⟨s, α⟩ where s ∈ S and α is a clock
region.▫ The initial states are in the form ⟨s0, [vo]⟩ where s0 ∈ S0 and v0(x) = 0 for
each x ∈ C. ▫ R(A) has an edge ⟨⟨s, α⟩, ⟨s’, α’⟩, a⟩ iff there is an edge ⟨s, s’, a, λ, δ⟩ ∈ E
and a region α’’ such that:e α’’ is a time successor of αs α’’ satisfies δs α’ = [λ |→0] α’’
28A Theory of Timed Automata – Checking Emptiness
The region automaton – Run - 1
• Def: For a run r = (s, v) of the form: r: ⟨s0, v0⟩ ⟨s1, v1⟩ … it’s possible to define its projection [r] = (s, [v]) as the sequence: [r]: ⟨s0, [v0]⟩ ⟨s1, [v1]⟩ …
• So defined [r] is a run of R(A) over σ.
• Since time progresses without bound long r for every clock x ∈ C, it holds that:• Either x is reset infinitely often (x=0)• Or from a certain time, it increases without bound (x>cx)
29A Theory of Timed Automata – Checking Emptiness
σ1
τ1 σ2
τ2
σ1σ2
The region automaton – Run - 2
• Def: A run r = (s, α) of R(A) of the form: r: ⟨s0, α0⟩ ⟨s1, α 1⟩ … is progressive iff for each clock x ∈ C, there are infinitely many i ≥ 0 such that αi satisfies [(x= 0) ∨ (x>cx)].
• Thus for a run r of A over (σ, τ), [r] is a progressive run of R(A) over σ.
• Lemma: If r is a progressive run of R(A) over σ, then there exists a time sequence τ and a run r’ of A over (σ, τ) such that r equals [r’].
30A Theory of Timed Automata – Checking Emptiness
σ1σ2
Progressive run – Example - 1
31A Theory of Timed Automata – Checking Emptiness
Consider the timed automaton A0 in the figure and the corresponding region automaton R(A0).• Σ = {a, b, c, d}• cx=1 and cy=1• Every state is an accepting state
•Every run of R(A0) has a suffix among these forms:•A0 cycles between ⟨S1, [0=y<x<1] ⟩ and ⟨S3, [0<y<x<1] ⟩•A0 stays in ⟨S3, [0<y<1<x] ⟩ with the self-loop•A0 stays in ⟨S3, [x>1, y>1] ⟩ with the self-loop
Progressive run – Example - 2
• It’s clear to see that only the third case represents a progressive run because
• y is reset infinitely often, but x is not; moreover x is never greater than cx. NO PROGRESSIVE
• x is unbounded, but y is not; moreover y is reset finitely often. NO PROGRESSIVE
• Both x and y are unbounded (greater than cx and cy respectively). PROGRESSIVE!
32A Theory of Timed Automata – Checking Emptiness
The Untiming Construction
• Theorem 1: Given a TBA A = ⟨Σ, S, S0, C, E, F⟩, there exists a Büchi Automaton over Σ, accepting Untime[L(A)]. (This theorem also holds for TMAs and Müller automata)
• The proof is based on the concept that for a timed automaton A, its region automaton can be used to recognize Untime[L(A)].
• Theorem 2: Given a TBA A = ⟨Σ, S, S0, C, E, F⟩, the emptiness of L(A) can be checked in time O((|S|+|E|)⋅2|δ(A)|).
• Theorem 2 is proved building a Büchi Automaton A’ =⟨Σ, S’, S0’, E, F ⟩ as described in Theorem 1 and showing that the time need to check L(A) emptiness is linear to |S’|+|E’|
33A Theory of Timed Automata – Checking Emptiness
Untiming – Example
34A Theory of Timed Automata – Checking Emptiness
Consider A0 and R(A0) of the previous example. We know that the only progressive run of R(A0) is the one which stays infinitely often in the state ⟨S3, [x>1, y>1] ⟩.
So R(A0) can be changed to a Büchi automaton (accepting Untime[L(A0)] as the previous theorem states) choosing the accepting set F={⟨S3, [x>1, y>1] ⟩}.
Consequently:Untime[L(A 0)] = L[R(A 0)]=(ac) +d ω
Checking Emptiness – Computational Complexity - 1• The problem of deciding the emptiness of the language
of a given timed automaton A, is PSPACE-complete.
• Proof:4. Emptiness ∈ PSPACE:
Since the number of states of the region automaton is exponential in the number of clocks of A, we cannot construct the entire transition table. But it is possible to (nondeterministically) check for nonemptiness of the region automaton by building a path of the desired form using only polynomial space.
35A Theory of Timed Automata – Checking Emptiness
Checking Emptiness – Computational Complexity - 2• Proof:2. Emptiness is PSPACE-hard:
Since the number of states of the region automaton is exponential in the number of clocks of A, we cannot construct the entire transition table. But it is possible to (nondeterministically) check for nonemptiness of the region automaton by building a path of the desired form using only polynomial space.
36A Theory of Timed Automata – Checking Emptiness