An introduction to timed automata

forward symbolic transition systems. Let a be an abstraction operator (possibly partially) defined on the sets of valuations (a associates to sets of valuations sets of valuations). We define the abstract forward symbolic transition system ‘⇒a’ in the following way: (l,W )⇒ (l′,W ′) W = a(W ) (l,W )⇒a (l′, a(W ′)) This transition system gives naturally rise to the following forward computation in A. S f,a 0 = {(l0, a({0X}))} S f,a 1 = S f,a 0 ∪ {(l′,W ′) ∣ ∃(l,W ) ∈ S f,a 0 such that (l,W )⇒a (l′,W ′)} .. S f,a p+1 = S f,a p ∪ {(l′,W ′) ∣ ∃(l,W ) ∈ S f,a p such that (l,W )⇒a (l′,W ′)} .. with the same halting conditions (and inclusion checks) as previously. Soundness criteria. The abstraction operator a is said correct with respect to reachability properties in A whenever the following holds: if (l0, a({0X}))⇒a (l,W ) then there exists a run (l0,0X)→ (l, v) with v ∈ W in A The abstraction operator a is said complete with respect to reachability properties whenever the following holds in A: if (l0,0X)→ (l, v) is a run in A then (l0, a({0X}))⇒a (l,W ) for some W with v ∈ W Remark 9. Note that these two notions could be generalized to more general properties than reachability properties, but we follow our lines and concentrate on reachability properties. ┘ Our aim is to define abstraction operators a such that the four following properties hold: (Finiteness) {a(W ) ∣ a defined on W} is finite (this ensures termination of the “abstract” forward computation) (Correctness) a is correct with respect to reachability (Completeness) a is complete with respect to reachability (Effectiveness) a is “effective” The three first properties are properly defined, the last one is more informal. The effectiveness criterion expresses that the abstraction has to be easily computable. In timed automata literature this is most of the time interpreted as “a has to be defined for all zones and a(Z) has to be a zone when Z is a zone”. Note that other effectiveness criteria could be proposed, but that is the one we choose here. The extrapolation operator. The abstraction operator which is commonly used is called extrapolation, and sometimes normalization [Ben02] or approximation [Bou04]. We will note it here ApproxK , it is defined up to a constant K as follows: if Z is a zone, ApproxK(Z) is the smallestK-bounded zone which contains Z. This operation is well-defined on DBMs: ifM is a DBM in normal form representing Z, a DBM representing ApproxK(Z) is obtained from M where each coefficient (≺;m) with m < −K is replaced by (<;−K) and all coefficients (≺;m) with m > K is replaced by (<;∞), all other coefficients are unchanged. We write ApproxK(M) for this transformed DBM: it holds that JApproxK(M)K = ApproxK(JMK). Example 12. Consider again the zone introduced in example 11. As we have already mentioned, it can be represented by the DBM in normal form on the left and its 2-extrapolation is the DBM on the right (where we again do not mention the comparison operators): M = … 0−3 0 9 0 4 5 2 0  and Approx2(M) = … 0 −2 0 +∞ 0 +∞ +∞ 2 0  They are both represented on the picture below.