Determinisability of one-clock timed automata
Lorenzo Clemente
University of Warsaw
Sławomir Lasota
University of Warsaw
Radosław Piórkowski
University of Warsaw
Abstract
The deterministic membership problem for timed automata asks whether the timed language recognised by a nondeterministic timed automaton can be recognised by a deterministic timed automaton. We show that the problem is decidable when the input automaton is a one-clock nondeterministic timed automaton without epsilon transitions and the number of clocks of the deterministic timed automaton is fixed. We show that the problem in all the other cases is undecidable, i.e., when either 1) the input nondeterministic timed automaton has two clocks or more, or 2) it uses epsilon transitions, or 3) the number of clocks of the output deterministic automaton is not fixed.
Theory of computation - Automata over infinite objects; Theory of computation - Quantitative automata; Theory of computation - Timed and hybrid models.
Keywords and phrases
Timed automata, determinisation, deterministic membership problem
Digital Object Identifier
Funding
Lorenzo Clemente: Partially supported by the Polish NCN grant 2017/26/D/ST6/00201.
Sławomir Lasota: Partially supported by the Polish NCN grant 2019/35/B/ST6/02322 and by the ERC grant LIPA, agreement no. 683080.
Radosław Piórkowski: Partially supported by the Polish NCN grant 2017/27/B/ST6/02093.
Acknowledgements
We thank S. Krishna for fruitful discussions and the anonymous reviewers for their constructive comments.

© Lorenzo Clemente and Sławomir Lasota and Radosław Piórkowski; licensed under Creative Commons License CC-BY
31st International Conference on Concurrency Theory (CONCUR 2020).
Editors: Igor Konnov and Laura Kovács; Article No. 38; pp. 38:1–38:21
Leibniz International Proceedings in Informatics
Schloss Dagstuhl – Leibniz-Zentrum für Informatik, Dagstuhl Publishing, Germany

Nondeterministic timed automata (nta) are one of the most widespread models of real-time reactive systems. They are an extension of finite automata with real-valued clocks which can be reset and compared by inequality constraints. The nonemptiness problem for nta is decidable and in fact PSpace-complete, as shown by Alur and Dill in their landmark paper [3]. As a testimony to the importance of the model, the authors received the 2016 Church Award [1] for the invention of timed automata. This paved the way to the automatic verification of timed systems, leading to mature tools such as UPPAAL [9], UPPAAL Tiga (timed games) [16], and PRISM (probabilistic timed automata) [33]. The reachability problem is still a very active research area to this day [22, 30, 2, 26, 27, 29], as well as expressive generalisations thereof, such as the binary reachability problem [20, 21, 32, 24].

Deterministic timed automata (dta) form a strict subclass of nta where the next configuration is uniquely determined from the current one and the timed input symbol. The class of dta enjoys stronger properties than nta, such as decidable universality and inclusion problems and closure under complementation [3]. Moreover, the more restrictive nature of dta is necessary in several applications of timed automata, such as test generation [37], fault diagnosis [13], and learning [46, 42], winning conditions in timed games [5, 31, 14], and in a notion of recognisability of timed languages [35]. For these reasons, and for the more general quest of understanding the nature of the expressive power of nondeterminism in timed automata, many researchers have focused on defining determinisable classes of timed automata, such as strongly non-zeno nta [6], event-clock nta [4], and nta with integer-resets [41]. The classes above are not exhaustive, in the sense that there are nta recognising deterministic timed languages not falling into any of the classes above.

Another remarkable subclass of nta is obtained by requiring the presence of just one clock (without epsilon transitions). The resulting class of nta is incomparable with dta: For instance, nta are not closed under complement (unlike dta) and there are very simple dta languages which are not recognisable by any nta. Nonetheless, nta, like dta, have decidable inclusion, equivalence, and universality problems [38, 34], albeit the complexity is non-primitive recursive [34, Corollary 4.2] (see also [39, Theorem 7.2] for an analogous lower bound for the satisfiability problem of metric temporal logic). Moreover, the non-emptiness problem for nta is NLogSpace-complete (vs. PSpace-complete for unrestricted nta and dta, already with two clocks [22]), and computing the binary reachability relation is simpler when there is only one clock than in the general case [18].
The deterministic membership problem.
The dta membership problem asks, given an nta, whether there exists a dta recognising the same language. There are two natural variants of this problem, which are obtained by restricting the resources available to the sought dta. Let k ∈ N be a bound on the number of clocks, and let m ∈ N be a bound on the maximal absolute value of numerical constants. The dta_k and dta_{k,m} membership problems are the restriction of the problem above where the dta is required to have at most k clocks, resp., at most k clocks and absolute value of maximal constant bounded by m. Notice that we do not bound the number of control locations of the dta, which makes the problem non-trivial.

Since regular languages are deterministic, the dta_k membership problem can be seen as a quantitative generalisation of the regularity problem. For instance, the dta membership problem is exactly the regularity problem since a timed automaton with no clocks is the same as a finite automaton. We remark that the regularity problem is usually undecidable for nondeterministic models of computation generalising finite automata, e.g., context-free grammars/pushdown automata [40, Theorem 6.6.6], labelled Petri nets under reachability semantics [45], Parikh automata [15], etc. One way to obtain decidability is to either restrict the input model to be deterministic (e.g., [44, 45, 8]), or to consider finer notions of equivalence, such as bisimulation (e.g., [28]).

This negative situation is generally confirmed for timed automata. For every number of clocks k ∈ N and maximal constant m, the dta, dta_k, and dta_{k,m} membership problems are known to be undecidable when the input nta has ≥ nta with epsilon transitions [23, 43]. To the best of our knowledge, the deterministic membership problem was not studied before when the input automaton is nta without epsilon transitions.

Contributions. We complete the study of the decidability border for the deterministic membership problem initiated in [23, 43]. Our main result is the following.

▶ Theorem 1.1. The dta_k membership and the dta_{k,m} membership problems are decidable for nta languages.

Our decidability result contrasts starkly with the abundance of undecidability results for the regularity problem. We establish decidability by showing that if a nta_{k,m} recognises a dta_k language, then in fact it recognises a dta_{k,m} language and moreover there is a computable bound on the number of control locations of the deterministic acceptor (c.f. Lemma 4.1). This provides a decision procedure since there are finitely many dta once the number of clocks, the maximal constant, and the number of control locations are fixed.

In our technical analysis we find it convenient to introduce the so called always resetting subclass of nta_k. These automata are required to reset at least one clock at every transition and are thus of expressive power intermediate between nta k − and nta k. Always resetting nta are strictly more expressive than nta: For instance, the language of timed words of the form ( a, t )( a, t )( a, t ) s.t. t − t > t − t < nta but by no nta. Despite their increased expressive power, always resetting nta still have a decidable universality problem (the well-quasi order approach of [38] goes through), which is not the case for nta. Thanks to this restricted form, we are able to provide in Lemma 4.1 an elegant characterisation of those nta languages which are recognised by an always resetting dta_k.

We complement the decidability result above by showing that the problem becomes undecidable if we do not restrict the number of clocks of the dta.

▶ Theorem 1.2. The dta and dta_{_,m} ( m > ) membership problems are undecidable for nta without epsilon transitions.

Finally, by refining the analysis of [23], we show that the dta_k and dta_{k,m} membership problems for nta are non-primitive recursive.

▶ Theorem 1.3. The dta_k and dta_{k,m} membership problems are HyperAckermann-hard for nta.

Related research. Many works addressed the construction of a dta equivalent to a given nta (see [10] and references therein), however since the general problem is undecidable, one has to either sacrifice termination, or consider deterministic under/over-approximations. In a related line of work, we have shown that the deterministic separability problem is decidable for the full class of nta, when the number of clocks of the separator is given in the input [19]. This contrasts with undecidability of the corresponding membership problem. Decidability of the deterministic separability problem when the number of clocks of the separator is not provided remains a challenging open problem.
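The one-clock model described in this introduction can be executed directly. The following Python code is an added example, not code from the paper: it runs the one-clock automaton that the paper gives later as Example 2.1 on timed words, tracking every reachable configuration as a pair (location, time of the last clock reset). The constant in the guard `x < 1`, the function names and the sample words are assumptions of this example.

```python
from fractions import Fraction

# Rules (source, letter, guard on clock value x, reset x?, target) of the
# one-clock automaton of Example 2.1. The constant in "x < 1" is an
# assumption of this example.
RULES = [
    ("p", "a", lambda x: True, False, "p"),
    ("p", "a", lambda x: True, True, "q"),
    ("q", "a", lambda x: x < 1, False, "q"),
    ("q", "a", lambda x: x == 1, False, "r"),
]
INITIAL = {"p"}
FINAL = {"r"}


def successors(configs, letter, now, t):
    """All configurations reachable from `configs` by reading (letter, t).

    A configuration is (location, reset_point). A guard is tested on the
    clock value t - reset_point, and a reset stores t as the new reset point.
    """
    if t < now:
        raise ValueError("timestamps must be non-decreasing")
    result = set()
    for location, reset_point in configs:
        for source, a, guard, reset, target in RULES:
            if source == location and a == letter and guard(t - reset_point):
                result.add((target, t if reset else reset_point))
    return frozenset(result)


def run(word):
    """Return the set of configurations reached after each prefix of `word`."""
    now = Fraction(0)
    configs = frozenset((p, Fraction(0)) for p in INITIAL)
    trace = [configs]
    for letter, t in word:
        t = Fraction(t)  # exact arithmetic, so the guard x == 1 is reliable
        configs = successors(configs, letter, now, t)
        now = t
        trace.append(configs)
    return trace


def accepts(word):
    """True if some run over `word` ends in a final location."""
    return any(location in FINAL for location, _ in run(word)[-1])


def pending_guesses(word):
    """Number of distinct reset points still tracked in location q."""
    return len({u for location, u in run(word)[-1] if location == "q"})


if __name__ == "__main__":
    # Constructed sample words: lists of (letter, timestamp).
    half = Fraction(1, 2)
    print(accepts([("a", 0), ("a", half), ("a", 1)]))               # last - first = 1
    print(accepts([("a", 0), ("a", half), ("a", Fraction(5, 4))]))  # no gap equals 1
    dense = [("a", Fraction(k, 100)) for k in range(1, 51)]
    print(pending_guesses(dense))                # one tracked timestamp per letter
    print(pending_guesses(dense + [("a", 3)]))   # old guesses expire after one unit
```

The value returned by `pending_guesses` grows with the number of letters read inside the last time unit, which matches the paper's remark on Example 2.1 that a deterministic acceptor would need to store unboundedly many timestamps.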
Timed words and languages.
Fix a finite alphabet Σ. Let R and R ≥ denote reals and nonnegative reals, respectively. A timed word over Σ is any sequence of the form

w = ( a , t ) . . . ( a n , t n ) ∈ (Σ × R ≥ ) ∗ (1)

which is monotonic, in the sense that the timestamps t i 's satisfy 0 ≤ t ≤ t ≤ · · · ≤ t n. Let T(Σ) be the set of all timed words over Σ, and let T ≥ t (Σ) be, for t ∈ R ≥ , the set of timed words with t ≥ t. A timed language is a subset of T(Σ).

The concatenation w · v of two timed words w and v is defined only when the first timestamp of v is greater or equal than the last timestamp of w. Using this partial operation, we define, for a timed word w ∈ T(Σ) and a timed language L ⊆ T(Σ), the left quotient w − L := { v ∈ T(Σ) | w · v ∈ L }. Clearly w − L ⊆ T ≥ t n (Σ).

Clock constraints and regions. Let X = { x , . . . , x k } be a finite set of clocks. A clock valuation is a function µ ∈ R X ≥ assigning a non-negative real number µ(x) to every clock x ∈ X. A clock constraint is a quantifier-free formula of the form

ϕ, ψ ::≡ true | false | x_i − x_j ∼ z | x_i ∼ z | ¬ϕ | ϕ ∧ ψ | ϕ ∨ ψ,

where "∼" is a comparison operator in {=, <, ≤, >, ≥} and z ∈ Z. A clock valuation µ satisfies a constraint ϕ, written µ ⊨ ϕ, if interpreting each clock x_i by µ(x_i) makes ϕ a tautology. A k, m-region is a non-empty set of valuations ⟦ϕ⟧ satisfied by a constraint ϕ with k clocks and absolute value of maximal constant bounded by m, which is minimal w.r.t. set inclusion. For instance, the clock constraint 1 < x < ∧ < x < ∧ x − x < , , , 4) and (2 ,

Timed automata. A (nondeterministic) timed automaton is a tuple A = (Σ, L, X, I, F, ∆), where Σ is a finite input alphabet, L is a finite set of control locations, X is a finite set of clocks, I, F ⊆ L are the subsets of initial, resp., final, control locations, and ∆ is a finite set of transition rules of the form

(p, a, ϕ, Y, q) (2)

with p, q ∈ L control locations, a ∈ Σ, ϕ a clock constraint to be tested, and Y ⊆ X the set of clocks to be reset. We write nta for the class of all nondeterministic timed automata, nta_k when the number k of clocks is fixed, nta_{_,m} when the bound m on constants is fixed, and nta_{k,m} when both k and m are fixed.

An nta_{_,m} A is always resetting if every transition rule as in (2) resets some clock Y ≠ ∅, and greedily resetting if, for every clock x, whenever ϕ implies that x belongs to { , . . . , m } ∪ (m, ∞), then x ∈ Y.

Equivalently, nonnegative rationals may be considered in place of reals.
Reset-point semantics. A configuration of an nta A is a tuple (p, µ, t) consisting of a control location p ∈ L, a reset-point assignment µ ∈ R X ≥ , and a "now" timestamp t ∈ R ≥ satisfying µ(x) ≤ t for all clocks x ∈ X. Intuitively, t is the last timestamp seen in the input and, for every clock x, µ(x) stores the timestamp of the last reset of x. A configuration is initial if p is so, t = 0, and µ(x) = 0 for all clocks x, and it is final if p is so (without any further restriction on µ or t). For a set of clocks Y ⊆ X and a timestamp u ∈ R ≥ , let µ [ Y u ] be the assignment which is u on Y and agrees with µ on X \ Y. An assignment µ together with t induces a clock valuation t − µ defined as (t − µ)(x) = t − µ(x) for all clocks x ∈ X. Clock assignments and valuations have the same type R X ≥ , however we find it technically convenient to store assignments in configurations and use the derived valuations to interpret the clock constraints. Such reset-point semantics based on reset-point assignments has already appeared in the literature on timed automata [25] and it is the foundation of the related model of timed-register automata [12].

Every transition rule (2) induces a transition between configurations ( p, µ, t ) a,t −−→ ( q, ν, t ) labelled by (a, t) ∈ Σ × R ≥ whenever t ≥ t , t − µ ⊨ ϕ, and ν = µ [ Y t ]. The timed transition system induced by A is (⟦A⟧, −→, F), where ⟦A⟧ is the set of configurations, −→ ⊆ ⟦A⟧ × Σ × R ≥ × ⟦A⟧ is as defined above, and F ⊆ ⟦A⟧ is the set of final configurations. Since there is no danger of confusion, we use ⟦A⟧ to denote either the timed transition system above, or its domain. A run of A over a timed word w as in (1) starting in configuration ( p, µ, t ) and ending in configuration ( q, ν, t n ) is a path ρ in ⟦A⟧ of the form ρ = ( p, µ, t ) a ,t −−−→ . . . a n ,t n −−−→ ( q, ν, t n ). The run ρ is accepting if its last configuration satisfies ( q, ν, t n ) ∈ F. The language recognised by configuration (p, µ, t) is defined as:

L_⟦A⟧(p, µ, t) = { w ∈ T(Σ) | ⟦A⟧ has an accepting run over w starting in (p, µ, t) }.

Clearly L_⟦A⟧(p, µ, t) ⊆ T ≥ t (Σ). We write L_A(c) instead of L_⟦A⟧(c). The language recognised by the automaton A is L(A) = ⋃_{c initial} L_A(c). A configuration is reachable if it is the ending configuration in a run starting in an initial configuration. In an always resetting nta_{_,m}, every reachable configuration (p, µ, t) satisfies t ∈ µ(X), and in a greedily resetting one, 1) (p, µ, t) has m-bounded span, in the sense that µ(X) ⊆ (t − m, t], and moreover 2) any two clocks x, y with integer difference µ(x) − µ(y) ∈ Z are actually equal µ(x) = µ(y). Condition 2) follows from the fact that if x, y have integer difference and y was reset last, then x was itself an integer when this happened, and in fact they were both reset together in a greedily resetting automaton.

Deterministic timed automata. A timed automaton A is deterministic if it has exactly one initial location and, for every two rules ( p, a, ϕ, Y , q ) , ( p, a , ϕ , Y , q ) ∈ ∆, if a = a and ⟦ ϕ ∧ ϕ ⟧ = ∅ then Y = Y and q = q . Hence A has at most one run over every timed word w. A dta can be easily transformed to a total one, where for every location p ∈ L and a ∈ Σ, the sets defined by clock constraints { ⟦ϕ⟧ | ∃ Y, q · (p, a, ϕ, Y, q) ∈ ∆ } are a partition of R X ≥ . Thus, a total dta has exactly one run over every timed word w. We write dta for the class of deterministic timed automata, and dta_k, dta_{_,m}, and dta_{k,m} for the respective subclasses thereof. A timed language is called nta language, dta language, etc., if it is recognised by a timed automaton of the respective type.

▶ Example 2.1. Let Σ = {a} be a unary alphabet. As an example of a timed language L recognised by a nta, but not by any dta, consider the set of non-negative timed words of the form ( a, t ) · · · ( a, t n ) where t n − t i = 1 for some 1 ≤ i < n. The language L is recognised by the nta A = (Σ, L, X, I, F, ∆) with a single clock X = {x} and three locations L = {p, q, r}, of which I = {p} is initial and F = {r} is final, and transition rules

( p, a, true , ∅ , p )   ( p, a, true , { x } , q )   ( q, a, x < , ∅ , q )   ( q, a, x = 1 , ∅ , r ).

Intuitively, in p the automaton waits until it guesses that the next input will be ( a, t i ), at which point it moves to q by resetting the clock (and subsequently reading a). From q, the automaton can accept by going to r only if exactly one time unit elapsed since ( a, t i ) was read. The language L is not recognised by any dta since, intuitively, any deterministic acceptor needs to store unboundedly many timestamps t i 's.

Deterministic membership problems.
Let X be a subclass of nta. We are interested in the following decision problem.

X membership problem.
Input: A timed automaton A ∈ nta.
Output: Does there exist a B ∈ X s.t. L(A) = L(B)?

In the rest of the paper, we study the decidability status of the X membership problem where X ranges over dta, dta_k (for every fixed number of clocks k), dta_{_,m} (for every maximal constant m), and dta_{k,m} (when both clocks k and maximal constant m are fixed). Example 2.1 shows that there are nta languages which cannot be accepted by any dta. Moreover, there is no computable bound for the number of clocks k which suffice to recognise a nta language by a dta_k (when such a number exists), which follows from the following three observations: 1) the dta membership problem is undecidable for nta (Theorem 1.2), 2) the problem of deciding equivalence of a given nta to a given dta is decidable [38], and 3) if a nta ,m is equivalent to some dta_k then it is in fact equivalent to some dta_{k,m} with computably many control locations (by Lemma 4.1).

A fundamental tool in this paper is invariance properties of timed languages recognised by nta with respect to permutations of R preserving integer differences. In this section we establish these properties. A timed automorphism is a monotone bijection π : R → R s.t. for every x ∈ R, π(x + 1) = π(x) + 1. For instance, if π(3.4) = 4.5, then necessarily π (5 . 4) = 6 . π ( − . 6) = − . 5. Timed automorphisms π are extended point-wise to timed words π (( a , t ) . . . ( a n , t n )) = ( a , π ( t )) . . . ( a n , π ( t n )), configurations π(p, µ, t) = (p, π ◦ µ, π(t)), transitions π ( c a,t −−→ c ) = π ( c ) a,π ( t ) −−−−→ π ( c ), and sets X thereof π(X) = { π(x) | x ∈ X }.

▶ Remark 3.1.
A timed automorphism π can in general take a nonnegative real t ≥ π ( x ), we always implicitly assume that π is defined on x.

Let S ⊆ R ≥ . An S-timed automorphism is a timed automorphism s.t. π(t) = t for all t ∈ S. Let Π_S denote the set of all S-timed automorphisms, and let Π = Π_∅. A set X is S-invariant if π(X) = X for every π ∈ Π_S; equivalently, for every π ∈ Π_S, x ∈ X if, and only if π(x) ∈ X. A set X is invariant if it is S-invariant with S = ∅. The following three facts express some basic invariance properties.

▶ Fact 3.2. The timed transition system ⟦A⟧ is invariant.

By unrolling the definition of invariance in the previous fact, we obtain that the set of configurations is invariant, the set of transitions −→ is invariant, and that the set of final configurations F is invariant.

▶ Fact 3.3 (Invariance of the language semantics). The function c L_A(c) from ⟦A⟧ to languages is invariant, i.e., for all timed permutations π, L_A(π(c)) = π(L_A(c)).

▶ Fact 3.4 (Invariance of the language of a configuration). The language L_A(p, µ, t) is (µ(X) ∪ {t})-invariant. Moreover, if A is always resetting, then L_A(p, µ, t) is µ(X)-invariant.

Since timed automorphisms preserve integer differences, only the fractional parts of elements of S ⊆ R ≥ matter for S-invariance, and hence it makes sense to restrict to subsets of the half-open interval [0 , fract ( S ) = { fract ( x ) | x ∈ S } ⊆ [0 , 1) stand for the set of fractional parts of elements of S. The following lemma shows that, modulo the irrelevant integer parts, there is always the least set S witnessing S-invariance.

▶ Lemma 3.5. For finite subsets S, S ⊆ R ≥ , if a timed language L is both S-invariant and S-invariant, then it is also S-invariant where S = fract ( S ) ∩ fract ( S ).

The S-orbit of an element x ∈ X (which can be an arbitrary object on which the action of timed automorphisms is defined) is the set orbit_S(x) = { π(x) ∈ X | π ∈ Π_S } of all elements π(x) which can be obtained by applying some S-automorphism to x. The orbit of x is just its S-orbit with S = ∅, written orbit(x). Clearly x and x have the same S-orbit if, and only if, π ( x ) = x for some π ∈ Π_S. For greedily resetting nta, orbits of single configurations are in bijective correspondence with bounded regions.

▶ Fact 3.6. Assume A is a greedily resetting nta_{k,m}. Two reachable configurations ( p, µ, t ) and ( p, µ , t ) of A with the same control location p have the same orbit if, and only if, the corresponding clock valuations t − µ and t − µ belong to the same k, m-region.

The S-closure of a set Y, written Π_S(Y) = ⋃_{x ∈ Y} orbit_S(x), is the union of the S-orbits of all its elements. The following fact characterises invariance in terms of closures.

▶ Fact 3.7. A set Y is S-invariant if, and only if, Π_S(Y) = Y.

Proof. Only if direction follows by the definition of S-invariance. For the converse direction observe that Π_S(X) = X implies π(X) ⊆ X for every π ∈ Π_S. The opposite inclusion follows by closure of S-timed automorphisms under inverse: π − ( X ) ⊆ X, hence X ⊆ π(X). ◀

dta_k and dta_{k,m} membership for nta

In this section we prove Theorem 1.1 thus establishing decidability of the dta_k and dta_{k,m} membership problems for nta. Both results are shown using the following key characterisation of dta_k languages as a subclass of nta languages. In particular, this characterisation provides a small bound on the number of control locations of a dta_k equivalent to a given nta (if any exists).

▶ Lemma 4.1.
Let A be a nta ,m with n control locations, and let k ∈ N. The following conditions are equivalent:
1. L(A) = L(B) for some always resetting dta_k B.
2. For every timed word w, there is S ⊆ R ≥ of size at most k s.t. the last timestamp of w is in S and w − L ( A ) is S-invariant.
3. L(A) = L(B) for some always resetting dta_{k,m} B with at most f ( k, m, n ) = Reg ( k, m ) · n (2 km +1) control locations (Reg(k, m) stands for the number of k, m-regions).

The proof of Theorem 1.1 builds on Lemma 4.1 and on the following fact:

▶ Lemma 4.2. The dta_k and dta_{k,m} membership problems are both decidable for dta languages.

Proof. We reduce to a deterministic separability problem. Recall that a language S separates two languages L, M if L ⊆ S and S ∩ M = ∅. It has recently been shown that the dta_k and dta_{k,m} separability problems are decidable for nta [19, Theorem 1.1], and thus, in particular, for dta. To solve the membership problem, given a dta A, the procedure computes a dta A recognising the complement of L(A) and checks whether A and A are dta_k separable (resp., dta_{k,m} separable) by using the result above. It is a simple set-theoretic observation that L(A) is a dta_k language if, and only if, the languages L ( A ) and L ( A ) are separated by some dta_k language, and likewise for dta_{k,m} languages. ◀

Proof of Theorem 1.1. We solve both problems in essentially the same way. Given a nta ,m A, the decision procedure enumerates all always resetting dta_{k+1,m} B with at most f(k, m, n) locations and checks whether L(A) = L(B) (which is decidable by [38]). If no such dta_{k+1} B is found, then L(A) is not an always resetting dta_{k+1} language, due to Lemma 4.1, and hence necessarily is not a dta_k language either; the procedure therefore answers negatively. Otherwise, in case when such a dta_{k+1} B is found, then dta_k membership (resp. dta_{k,m} membership) test is performed on B, decidable due to Lemma 4.2. ◀

▶ Remark 4.3 (Complexity).
The decision procedure for nta invokes the HyperAckermann subroutine of [38] to check equivalence between a nta and a candidate dta. This is in a sense unavoidable, since we show in Lemma 5.5 that the dta_k and dta_{k,m} membership problems are HyperAckermann-hard for nta.

In the rest of this section we present the proof of Lemma 4.1. Let us fix a nta ,m A = (Σ, L, {x}, I, F, ∆), where m is the greatest constant used in clock constraints in A, and k ∈ N. We assume w.l.o.g. that A is greedily resetting: This is achieved by resetting the clock as soon as upon reading an input symbol its value becomes greater than m or is an integer ≤ m; we can record in the control location the actual integral value if it is ≤ m, or a special flag otherwise. Consequently, after every discrete transition the value of the clock is at most m, and if it is an integer then it equals 0.

The implication 3 = ⇒ ⇒ L ( A ) = L ( B ) for a total always resetting dta_k B. Every left quotient w − L ( A ) equals L_B(c) for some configuration c, hence Point 2 follows by Fact 3.4. Here we use the fact that B is always resetting in order to apply the second part of Fact 3.4; without the assumption, we would only have S-invariance for sets S of size at most k + 1.

It thus remains to prove the implication 2 ⇒ 3, which will be the content of the rest of the section. Assuming Point 2, we are going to define an always resetting dta_{k,m} B with clocks X = { x , . . . , x k } and with at most f(k, m, n) locations such that L(B) = L(A). We start from the timed transition system X obtained by the finite powerset construction underlying the determinisation of A, and then transform this transition system gradually, while preserving its language, until it finally becomes isomorphic to the reachable part of ⟦B⟧ for some dta_{k,m} B. As the last step we extract from this deterministic timed transition system a syntactic definition of B and prove equality of their languages. This is achievable due to the invariance properties witnessed by the transition systems in the course of the transformation.

Macro-configurations. Configurations of the nta A are of the form c = (p, u, t) where u, t ∈ R ≥ and u ≤ t. A macro-configuration is a (not necessarily finite) set X of configurations (p, u, t) of A which share the same value of the current timestamp t, which we denote as now(X) = t. We use the notation L_A(X) := ⋃_{c ∈ X} L_A(c). Let succ_{a,t}(X) := { c ∈ ⟦A⟧ | c a,t −−→ c for some c ∈ X } be the set of successors of configurations in X. We define a deterministic timed transition system X consisting of the macro-configurations reachable in the course of determinisation of A. Let X be the smallest set of macro-configurations and transitions such that
- X contains the initial macro-configuration: X = { ( p, , | p ∈ I } ∈ X;
- X is closed under successor: for every X ∈ X and (a, t) ∈ Σ × R ≥ , there is a transition X a,t −−→ succ_{a,t}(X) in X.

Due to the fact that ⟦A⟧ is finitely branching, i.e. succ_{a,t}({c}) is finite for every fixed (a, t), all macro-configurations X ∈ X are finite. Let the final configurations of X be F_X = { X ∈ X | X ∩ F ≠ ∅ }.

▷ Claim 4.4. L_A(X) = L_X(X) for every X ∈ X. In particular L(A) = L_X(X).

For a macro-configuration X we write Val(X) := { u | (p, u, now(X)) ∈ X } ∪ { now(X) } to denote the reals appearing in X. Since A is greedily resetting, every macro-configuration X ∈ X satisfies Val(X) ⊆ (now(X) − m, now(X)]. Whenever a macro-configuration X satisfies this condition we say that the span of X is bounded by m.

Pre-states.
By assumption (Point 2), L_A(X) is S-invariant for some S of size at most k, but the macro-configuration X itself need not be S-invariant in general. Indeed, a finite macro-configuration X ∈ X is S-invariant if, and only if, fract(Val(X)) ⊆ fract(S), which is impossible in general when X is arbitrarily large, its span is bounded (by m), and size of S is bounded (by k). Intuitively, in order to assure S-invariance we will replace X by its S-closure Π_S(X) (recall Fact 3.7).

A set S ⊆ R ≥ is fraction-independent if it contains no two reals with the same fractional part. A pre-state is a pair Y = (X, S), where X is an S-invariant macro-state, and S is a finite fraction-independent subset of Val(X) that contains now(X). The intuitive rationale behind assuming the S-invariance of X is that it implies, together with the bounded span of X and bounded size of S, that there are only finitely many pre-states, up to timed automorphism. We define the deterministic timed transition system Y as the smallest set of pre-states and transitions between them such that:
- Y contains the initial pre-state: Y = ( X , { } ) ∈ Y;
- Y is closed under the closure of successor: for every (X, S) ∈ Y and (a, t) ∈ Σ × R ≥ , there is a transition ( X, S ) a,t −−→ ( X , S ), where S is the least, with respect to set inclusion, subset of S ∪ { t } containing t such that the language L = ( a, t ) − L A ( X ) = L A ( succ a,t ( X )) is S-invariant, and X = Π S ( succ a,t ( X )).

▶ Example 4.5. Suppose k = 3, m = 2, succ a,t ( X ) = { ( p, . , , ( q, . , , ( r, . , } and S = { . , . , } . Then X = { ( p, . , } ∪ { ( q, t, | t ∈ (3 . , } ∪ { ( r, . , } . now ( X ) =5. A corresponding state is ( X , µ ), where µ = { x . , x . , x } .

Observe that the least such fraction-independent subset S exists due to the following facts: as X is S-invariant, due to Fact 3.3 so is its language L_A(X), and hence L is necessarily (S ∪ {t})-invariant; by assumption (Point 2), L is R-invariant for some set R ⊆ R ≥ of size at most k containing t; let T ⊆ R ≥ be the least set given by Lemma 3.5, i.e., fract(T) ⊆ fract(S) ∩ fract(R); and finally let S ⊆ S be chosen so that fract ( S ) = fract ( T ∪ { t } ). Due to fraction-independence of S the choice is unique, S is fraction-independent, and t ∈ S. Furthermore, the size of S is at most k. By Fact 3.3, we deduce:

▷ Claim 4.6 (Invariance of Y). For every two transitions ( X , S ) a,t −−→ ( X , S ) and ( X , S ) a,t −−→ ( X , S ) in Y and a timed permutation π, if π ( X ) = X and π ( S ) = S and π ( t ) = t , then we have π ( X ) = X and π ( S ) = S .

Let the final configurations of Y be F_Y = { (X, S) ∈ Y | X ∩ F ≠ ∅ }. By induction on the length of timed words it is easy to show:

▷ Claim 4.7. L_X(X) = L_Y(Y).

Due to the assumption that A is greedily resetting and due to Point 2, in every pre-state (X, S) ∈ Y the span of X is bounded by m and the size of S is bounded by k.

States.
We now introduce states , which are designed to be in one-to-one correspondencewith configurations of the forthcoming dta k B . Intuitively, a state differs from a pre-state( X, S ) only by allocating the values from S into k clocks, thus while a pre-state contains a set S , the corresponding state contains a clock assignment µ : X → R ≥ with image µ ( X ) = S .Let X = { x , . . . , x k } be a set of k clocks. A state is a pair Z = ( X, µ ), where X is amacro-configuration, µ : X → Val ( X ) is a clock reset-point assignment, µ ( X ) is a fraction-independent set containing now ( X ), and X is µ ( X )-invariant. Thus every state Z = ( X, µ )determines uniquely a corresponding pre-state σ ( Z ) = ( X, S ) with S = µ ( X ). We define thedeterministic timed transition system Z consisting of those states Z s.t. σ ( Z ) ∈ Y , and oftransitions determined as follows: ( X, µ ) a,t −−→ ( X , µ ) if the corresponding pre-state has atransition ( X, S ) a,t −−→ ( X , S ) in Y , where S = µ ( X ), and µ ( x i ) := ( t if µ ( x i ) / ∈ S or µ ( x i ) = µ ( x j ) for some j > iµ ( x i ) otherwise. (3)Intuitively, the equation (3) defines a deterministic update of the clock reset-point assignment µ that amounts to resetting ( µ ( x i ) := t ) all clocks x i whose value is either no longer needed(because µ ( x i ) / ∈ S ), or is shared with some other clock x j , for j > i and is thus redundant.Due to this disciplined elimination of redundancy, knowing that t ∈ S and the size of S is atmost k , we ensure that at least one clock is reset in every step. In consequence, µ ( X ) = S ,and the forthcoming dta k B will be always resetting. Using Claim 4.6 we derive: (cid:66) Claim 4.8 (Invariance of Z ). 
For every two transitions ( X , µ ) a,t −−→ ( X , µ ) and ( X , µ ) a,t −−→ ( X , µ ) in Z and a timed permutation π , if π ( X ) = X and π ◦ µ = µ and π ( t ) = t , then we have π ( X ) = X and π ◦ µ = µ .

Let the initial state be Z = ( X , µ ), where µ ( x i ) = 0 for all x i ∈ X , and let final states be F Z = { ( X, µ ) ∈ Z | X ∩ F = ∅} . By induction on the length of timed words one proves:

▷ Claim 4.9. L Y ( Y ) = L Z ( Z ).

In the sequel we restrict Z to states reachable from Z . In every state Z = ( X, µ ) in Z , we have now ( X ) ∈ µ ( X ). This will ensure the resulting dta k B to be always resetting.

Orbits of states. While a state is designed to correspond to a configuration of the forthcoming dta k B , its orbit is designed to play the role of control location of B . We therefore need to prove that the set of states in Z is orbit-finite, i.e., the set of orbits { orbit ( Z ) | Z ∈ Z} is finite and its size is bounded by f ( k, m, n ). We start by deducing an analogue of Fact 3.6:

▷ Claim 4.10.
For two states Z = ( X, µ ) and Z = ( X , µ ) in Z , their clock assignments are in the same orbit, i.e., π ◦ µ = µ for some π ∈ Π, if, and only if, the corresponding clock valuations now ( X ) − µ and now ( X ) − µ belong to the same k, m -region.

(In passing note that, since in every state ( X, µ ) in Z the span of X is bounded by m , only bounded k, m -regions can appear in the last claim. Moreover, in each of the k, m -regions one of the clocks equals 0.) The action of timed automorphisms on macro-configurations and clock assignments is extended to states as π ( X, µ ) = ( π ( X ) , π ◦ µ ). Recall that the orbit of a state Z is defined as orbit ( Z ) = { π ( Z ) | π ∈ Π } .

▷ Claim 4.11. The number of orbits of states in Z is bounded by f ( k, m, n ).

Proof. We finitely represent a state Z = ( X, µ ), relying on the following general fact.

▶ Fact 4.12. For every u ∈ R ≥ and S ⊆ R ≥ , the S -orbit orbit S ( u ) is either the singleton { u } (when u ∈ S ) or an open interval with end-points of the form t + z where t ∈ S and z ∈ Z (when u ∉ S ).

We apply the fact above to S = µ ( X ). In our case the span of X is bounded by m , and thus the same holds for µ ( X ). Consequently, the integer z in the fact above always belongs to {− m, − m +1 , . . . , m } . In turn, X splits into disjoint µ ( X )-orbits orbit µ ( X ) ( u ) consisting of open intervals separated by endpoints of the form t + z where t ∈ µ ( X ) and z ∈ {− m, − m +1 , . . . , m } .

▶ Example 4.13.
Continuing Example 4.5, the endpoints are { , . , . , , . , . , } , as shown in the illustration:

Recall that µ ( X ) is fraction-independent. Let e < e < · · · < e l +1 be all the endpoints of open-interval orbits ( l ≤ km ), and let o , o , o , . . . := { e } , ( e , e ) , { e } , . . . be the consecutive S -orbits orbit µ ( X ) ( u ) of elements u ∈ µ ( X ). The number thereof is 2 l + 1 ≤ km + 1. The finite representation of Z = ( X, µ ) consists of the pair ( O, µ ), where

O = { ( o , P ) , . . . , ( o l +1 , P l +1 ) }        (4)

assigns to each orbit o i the set of locations P i = { p | ( p, u, t ) ∈ X for some u ∈ o i } ⊆ L , (which is the same as P i = { p | ( p, u, t ) ∈ X for all u ∈ o i } since X is µ ( X )-invariant, and hence µ ( X )-closed). Thus a state Z = ( X, µ ) is uniquely determined by the sequence O as in (4) and the clock assignment µ . The orbits of states Z should not be confused with S -orbits of individual reals u ∈ R ≥ .
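The update rule (3), Fact 4.12 and the representation (4), carried out on constructed values shaped like Example 4.5 (k = 3, m = 2). This is an added example, not code from the paper. It assumes exact rational reset points, a successor set passed in as `s_next`, and a macro-configuration given as (location, lo, hi) pieces that are singletons or open intervals; all function and variable names are hypothetical.

```python
from fractions import Fraction as F

def update(mu, s_next, t):
    """Rule (3): clock i is reset to t when its reset point is not in s_next
    (no longer needed) or is also held by a later clock j > i (redundant)."""
    return [t if v not in s_next or v in mu[i + 1:] else v
            for i, v in enumerate(mu)]

def endpoints(mu, m):
    """Points t + z (t a reset point of mu, z an integer) that fall in the
    window [now - m, now]; the span bound m makes this set finite."""
    now = max(mu)
    pts = {t + z for t in mu for z in range(-m, m + 1)}
    return sorted(p for p in pts if now - m <= p <= now)

def orbit_sequence(mu, m):
    """Consecutive orbits {e}, (e, e'), {e'}, ... as (lo, hi) pairs:
    lo == hi encodes a singleton, lo < hi an open interval."""
    e = endpoints(mu, m)
    seq = [(e[0], e[0])]
    for lo, hi in zip(e, e[1:]):
        seq += [(lo, hi), (hi, hi)]
    return seq

def orbit_of(u, mu, m):
    """Orbit of a single real u, following Fact 4.12. Endpoints t + z are
    singletons too, since automorphisms preserve integer distances."""
    for lo, hi in orbit_sequence(mu, m):
        if (lo == hi == u) or (lo < u < hi):
            return (lo, hi)
    raise ValueError("u lies outside the window [now - m, now]")

def representation(x_pieces, mu, m):
    """Sequence of location sets P as in (4). Because the macro-configuration
    is invariant, testing one representative of each orbit is enough."""
    out = []
    for lo, hi in orbit_sequence(mu, m):
        rep = lo if lo == hi else (lo + hi) / 2
        out.append(frozenset(p for p, a, b in x_pieces
                             if (a == b == rep) or (a < rep < b)))
    return out

# Constructed sample values (the numbers of Example 4.5 did not survive
# extraction, so these are not the paper's).
K, M = 3, 2
MU = [F(37, 10), F(21, 5), F(5)]                 # x1 -> 3.7, x2 -> 4.2, x3 -> 5
X_PIECES = [("p", F(37, 10), F(37, 10)),         # (p, 3.7, 5)
            ("q", F(37, 10), F(4)),              # (q, u, 5) for u in (3.7, 4)
            ("r", F(21, 5), F(21, 5))]           # (r, 4.2, 5)

if __name__ == "__main__":
    print([str(e) for e in endpoints(MU, M)])
    for (lo, hi), locs in zip(orbit_sequence(MU, M),
                              representation(X_PIECES, MU, M)):
        print(f"{'{' + str(lo) + '}' if lo == hi else (str(lo), str(hi))}: "
              f"{sorted(locs)}")
    # Reading a letter at t = 5.5 with successor set {4.2, 5.5}:
    print([str(v) for v in update(MU, {F(21, 5), F(11, 2)}, F(11, 2))])
```

With k·m = 6 the sample yields 7 endpoints and 13 orbits, matching the count 2l + 1 for l + 1 endpoints.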
We claim that the set of all the finite representations ( O, µ ), as defined above, is orbit-finite. Indeed, the orbit of ( O, µ ) is determined by the orbit of µ and the sequence

P , P , . . . , P km +1        (5)

induced by the assignment O as in (4). Therefore, the number of orbits is bounded by the number of orbits of µ (which is bounded, due to Claim 4.10, by Reg ( k, m )) times the number of different sequences of the form (5) (which is bounded by (2 n ) km +1 ). This yields the required bound f ( k, m, n ) = Reg ( k, m ) · n (2 km +1) . ◀

Construction of the dta . As the last step we define a dta k B = (Σ , L , X , { o } , F , ∆ ) such that the reachable part of ⟦B⟧ is isomorphic to Z . Let locations L = { orbit ( Z ) | Z ∈ Z} be orbits of states from Z , the initial location be the orbit o of Z , and final locations F = { orbit ( Z ) | Z ∈ F Z } be orbits of final states. A transition Z = ( X, µ ) a,t −−→ ( X , µ ) = Z in Z induces a transition rule in B

( o, a, ψ, Y , o ) ∈ ∆        (6)

whenever o = orbit ( Z ), o = orbit ( Z ), ψ is the unique k, m -region satisfying t − µ ∈ ⟦ψ⟧, and Y = { x i ∈ X | µ ( x i ) = t } . The automaton B is indeed a dta since o , a and ψ uniquely determine Y and o :

▷ Claim 4.14.
Suppose that two transitions ( X , µ ) a,t −−→ ( X , µ ) and ( X , µ ) a,t −−→ ( X , µ ) in Z induce transition rules ( o, a, ψ, Y , o ) , ( o, a, ψ, Y , o ) ∈ ∆ with the same source location o and constraint ψ , i.e.,

t − µ ∈ ⟦ψ⟧        t − µ ∈ ⟦ψ⟧ .        (7)

Then the target locations are equal o = o , and the same for the reset sets Y = Y .

Proof. We use the invariance of semantics of A and Claim 4.8. Let o = orbit ( X , µ ) = orbit ( X , µ ). Thus there is a timed automorphism π such that

X = π ( X )        µ = π ◦ µ .        (8)

It suffices to show that there is a (possibly different) timed permutation σ satisfying the following equalities:

t = σ ( t )        { i | µ ( x i ) = t } = { i | µ ( x i ) = t }        µ = σ ◦ µ        X = σ ( X ) .        (9)

We now rely on the fact that both t = now ( X ) ∈ µ ( X ) and t = now ( X ) ∈ µ ( X ) are assigned to (the same) clock due to the second equality in (8): t = µ ( x i ) and t = µ ( x i ). We focus on the case when t − t ≤ m (the other case is similar but easier as all clocks are reset due to greedy resetting), which implies t − t ≤ m due to (7). In this case we may assume w.l.o.g., due to (7) and the equalities (8), that π is chosen so that π ( t ) = t . We thus take σ = π for proving the equalities (9). Being done with the first equality, we observe that the last two equalities in (9) hold due to the invariance of Z (cf. Claim 4.8). The remaining second equality in (9) is a consequence of the third one. ◀

▷ Claim 4.15.
Let Z = ( X, µ ) and Z = ( X , µ ) be two states in Z with the same clock assignment. If π ( X ) = X and π ◦ µ = µ for some timed automorphism π then X = X .

▷ Claim 4.16. Z is isomorphic to the reachable part of ⟦B⟧.

Proof. For a state Z = ( X, µ ), let c ( Z ) = ( o, µ, t ), where o = orbit ( Z ) and t = now ( X ). By Claim 4.15, the mapping c (_) is a bijection between Z and its image c ( Z ) ⊆ ⟦B⟧. By (6), Z is isomorphic to a subsystem of the reachable part of ⟦B⟧. The converse inclusion follows by the observation that Z is total: for every ( a , t ) . . . ( a n , t n ) ∈ T (Σ), there is a sequence of transitions ( X , µ ) a ,t −−−→ · · · a n ,t n −−−→ in Z . ◀

Claims 4.4, 4.7, 4.9, and 4.16 prove L ( A ) = L ( B ).

In this section we complete the decidability status of the deterministic membership problem by providing matching undecidability and hardness results. In Section 5.1 we prove undecidability of the dta membership problem for nta (c.f. Theorem 1.2) and in Section 5.2 we prove HyperAckermann -hardness of the dta k membership problem for nta (c.f. Theorem 1.3).

dta and dta _ ,m membership for nta

It has been shown in [23, Theorem 1] that it is undecidable whether a nta k timed language can be recognised by some dta , for any fixed k ≥ 2. This was obtained by a reduction from the nta k universality problem, which is undecidable for any fixed k ≥ 2. While the universality problem becomes decidable for k = 1, we show in this section that, as announced in Theorem 1.2, the dta membership problem remains undecidable for nta .

Since the universality problem for nta is decidable, we need to reduce from another (undecidable) problem. Our candidate is the finiteness problem of lossy counter machines, which is undecidable [36, Theorem 13]. A k -counters lossy counter machine ( k - LCM ) is a tuple M = ( C, Q, q , ∆), where C = { c , . . . , c k } is a set of k counters, Q is a finite set of control locations, q ∈ Q is the initial control location, and ∆ is a finite set of instructions of the form ( p, op , q ), where op is one of c ++ , c – , and c ? = 0. A configuration of an LCM M is a pair ( p, u ), where p ∈ Q is a control location, and u ∈ N C is a counter valuation. For two counter valuations u, v ∈ N C , we write u ≤ v if u ( c ) ≤ v ( c ) for every counter c ∈ C . The semantics of an LCM M is given by a (potentially infinite) transition system over the configurations of M s.t. there is a transition ( p, u ) δ −→ ( q, v ), for δ = ( p, op , q ) ∈ ∆, whenever 1) op = c ++ and v ≤ u [ c u ( c ) + 1], or 2) op = c – and v ≤ u [ c u ( c ) − op = c ? = u ( c ) = 0 and v ≤ u . The finiteness problem (a.k.a. space boundedness) for an LCM M asks to decide whether the reachability set Reach( M ) = { ( p, u ) | ( q , u ) −→ ∗ ( p, u ) } is finite, where u is the constantly 0 counter valuation.

▶ Theorem 5.1 ([36, Theorem 13]). The - LCM finiteness problem is undecidable.
We use the following encoding of LCM runs as timed words over the alphabet Σ = Q ∪ ∆ ∪ C (c.f. [34, Definition 4.6] for a similar encoding). We interpret a counter valuation u ∈ N C as the word over Σ

u = c c · · · c [ u ( c ) letters] c c · · · c [ u ( c ) letters] c c · · · c [ u ( c ) letters] c c · · · c [ u ( c ) letters] .

With this interpretation, we encode an LCM run

π = ( p , u ) δ −→ ( p , u ) δ −→ · · · δ n −→ ( p n , u n )

as the following timed word, called the reversal-encoding of π ,

p n δ n u n · · · p δ u p u ,

s.t. p n occurs at time 0, for every 1 ≤ i < n , p i occurs exactly after one time unit since p i +1 , and if a “unit” of counter c did not disappear due to lossiness when going from u i to u i +1 , then the timestamps of the corresponding occurrences of letter c in u i and u i +1 are also at distance one (and similarly for the other counters). Under the encoding above, we can build a nta A recognising the complement of the set of reversal-encodings of the runs of M (see [34] for more details about the construction of A ). Intuitively, when reading the reversal-encoding of a run of M , the counters are allowed to spontaneously increase. Therefore, the only kind of error that A must verify is that some counter spontaneously decreases. This can be done by guessing an occurrence of letter (say) c in the current configuration which does not have a corresponding occurrence in the next configuration after exactly one time unit. This check can be performed by an nta with one clock.

▶ Lemma 5.2.
The set of reachable configurations Reach ( M ) is finite if, and only if, L ( A ) is a deterministic timed language.

Since the timed automaton constructed in the proof uses only constant 1, the reduction works also for the dta _ ,m membership problem for every m >

▶ Corollary 5.3. For every fixed m > , the dta _ ,m membership problem for nta languages is undecidable.

This result is the best possible in terms of the parameter m since the problem becomes decidable for m = 0. In fact, the class of dta k, languages coincides with the class of dta , languages (one clock is sufficient; c.f. [38, Lemma 19]), and thus dta _ , membership reduces to dta , membership, which is decidable for nta by Theorem 1.1.

▶ Remark 5.4. We observe that the reduction above uses a large alphabet Σ whose size depends on the input LCM M . In fact, an alternative encoding exists using a unary alphabet Σ = { a } . Let the input LCM M have control locations Q = { p , . . . , p m } and instructions ∆ = { δ , . . . , δ n } . An LCM configuration p j δ k u is represented by the timed word consisting of 6 blocks

a · · · a [ j letters] a · · · a [ k letters] a · · · a [ u ( c ) letters] a · · · a [ u ( c ) letters] a · · · a [ u ( c ) letters] a · · · a [ u ( c ) letters]

s.t. in each block the last a is at timed distance exactly one from the last a of the previous block. A unit of counter c now repeats at distance 6 in the next configuration (instead of 1). This shows that the dta membership problem is undecidable for nta using maximal constant m = 6 over a unary alphabet.

dta k and dta k,m membership

All the lower bounds in this section are obtained by a reduction from the universality problem for the respective language classes (does a given language L ⊆ T (Σ) satisfy L = T (Σ)?). The reduction is a suitable adaptation, generalization, and simplification of [23, Theorem 1] showing undecidability of dta membership for nta languages.

A timed language L is timeless if L = L ( A ) for A ∈ nta a timed automaton with no clocks (hence timestamps appearing in input words are irrelevant for acceptance). For two languages L ⊆ T (Σ) and M ⊆ T (Γ), and a fresh alphabet symbol $ Σ ∪ Γ, we define their composition L ▷ { $ } ▷ M to be the following timed language over Σ = Σ ∪ { $ } ∪ Γ:

L ▷ { $ } ▷ M = { v ($ , t )( a , t + t ) . . . ( a n , t n + t ) ∈ T (Σ ) | v ∈ L, ( a , t ) . . . ( a n , t n ) ∈ M } .

▶ Lemma 5.5.
Let k, m ∈ N and let Y be a class of timed languages that
contains all the timeless timed languages,
is closed under union and composition, and
contains some non- dta k (resp. non- dta k,m ) language.
The universality problem for languages in Y reduces in polynomial time to the dta k (resp. dta k,m ) membership problem for languages in Y .

We immediately obtain Theorem 1.3 as a corollary of Lemma 5.5, thanks to the following observations. First, the lemma is applicable by taking as Y the classes of languages recognised by nta since this class contains all timeless timed languages, is closed under union and composition, and is not included in dta k for any k nor in dta k,m for any k, m (c.f. the nta language from Example 2.1 which is not recognised by any dta ). Second, HyperAckermann -hardness of the universality problem for nta follows from the same lower bound for the reachability problem in lossy channel systems [17, Theorem 5.5], together with the reduction from this problem to universality of nta given in [34, Theorem 4.1].

Since the universality problem is undecidable for nta [3, Theorem 5.2] and nta ε ( nta with epsilon steps) [34, Theorem 5.3], using the same reasoning we can apply Lemma 5.5 to observe that the dta k and dta k,m membership problems are undecidable for nta and nta ε , which refines the analysis of [23, Theorem 1].

We have shown decidability and undecidability results for several variants of the deterministic membership problem for timed automata. Regarding undecidability, we have extended the previously known results [23, 43] by proving that the dta membership problem is undecidable already for nta (Theorem 1.2), and, over a unary input alphabet, it is undecidable for nta ,m with m ≥ m guaranteeing undecidability.

Regarding decidability, we have shown that when the resources available to the deterministic automaton are fixed (either just the number of clocks k , or both clocks k and maximal constant m ), then the respective deterministic membership problem is decidable (Theorem 1.1) and HyperAckermann -hard (Theorem 1.3).

Our deterministic membership algorithm is based on a characterisation of nta languages which happen to be dta k (Lemma 4.1), which is proved using a semantic approach leveraging on notions from the theory of sets with atoms [12]. Analogous decidability results for register automata can be obtained with similar techniques. It would be interesting to compare this approach to the syntactic determinisation method of [7].

Finally, our decidability results extend to the slightly more expressive class of always resetting nta , which have intermediate expressive power strictly between nta and nta .
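The reversal-encoding of Section 5.1 and the perturbation argument behind Lemma 5.2, worked through on a small machine. This is an added example, not code from the paper or from [34]: the one-counter machine, the instruction names `d1`/`d2`, the offset `TICK` of the instruction letter, and the rule that an increment excuses one unmatched unit are assumptions. The automaton A guesses the offending letter nondeterministically, while this sketch simply enumerates the candidates.

```python
from fractions import Fraction as F

# Constructed one-counter lossy machine: name -> (source, operation, counter, target).
INSTR = {"d1": ("p", "inc", "c", "p"), "d2": ("p", "dec", "c", "q")}
COUNTERS = {"c"}
TICK = F(1, 100)   # assumed position of the instruction letter inside its block

def step_ok(src, name, dst):
    """Lossy step (p, u) -> (q, v). A valuation is a set of units
    (counter, offset), so surviving, new and lost units can be told apart."""
    p, op, c, q = INSTR[name]
    (loc_u, u), (loc_v, v) = src, dst
    fresh, gone = v - u, u - v
    if (loc_u, loc_v) != (p, q):
        return False
    if op == "inc":    # v <= u[c -> u(c) + 1]: at most one new unit, of counter c
        return len(fresh) <= 1 and all(x[0] == c for x in fresh)
    if op == "dec":    # v <= u[c -> u(c) - 1]: at least one unit of c disappears
        return not fresh and any(x[0] == c for x in gone)
    return not fresh and all(x[0] != c for x in u)    # zero test: u(c) = 0

def run_ok(configs, steps):
    return all(step_ok(configs[i], s, configs[i + 1]) for i, s in enumerate(steps))

def reversal_encoding(configs, steps):
    """Timed word p_n d_n u_n ... p_1 d_1 u_1 p_0 u_0 with p_i read at time
    n - i; a unit with offset f of configuration i is read at (n - i) + f."""
    n, word = len(steps), []
    for i in range(n, -1, -1):
        base = F(n - i)
        loc, units = configs[i]
        word.append((loc, base))
        if i > 0:
            word.append((steps[i - 1], base + TICK))
        word += sorted(((c, base + f) for c, f in units), key=lambda e: e[1])
    return word

def spontaneous_decreases(word):
    """Counter letters (c, tau) with no letter c at time tau + 1, beyond the
    single unit that an increment of c in the same block may have created."""
    events = set(word)
    last = max(t for _, t in word) // 1          # block holding p_0 u_0
    allowance = {t // 1: INSTR[a][2] for a, t in word
                 if a in INSTR and INSTR[a][1] == "inc"}
    bad = []
    for a, t in word:
        block = t // 1
        if a in COUNTERS and block < last and (a, t + 1) not in events:
            if allowance.get(block) == a:
                allowance[block] = None          # the freshly created unit
            else:
                bad.append((a, t))
    return bad

def perturb(word, old, new):
    """Replace one timed letter, as in the 'if' direction of Lemma 5.2."""
    return [new if e == old else e for e in word]

# Constructed run: three increments, unit A is lost during the third one,
# then a decrement removes unit B.
A, B, D = ("c", F(1, 4)), ("c", F(1, 2)), ("c", F(3, 4))
CONFIGS = [("p", frozenset()), ("p", frozenset({A})), ("p", frozenset({A, B})),
           ("p", frozenset({B, D})), ("q", frozenset({D}))]
STEPS = ["d1", "d1", "d1", "d2"]

if __name__ == "__main__":
    w = reversal_encoding(CONFIGS, STEPS)
    print(run_ok(CONFIGS, STEPS), spontaneous_decreases(w))
    print(spontaneous_decreases(perturb(w, ("c", F(7, 4)), ("c", F(15, 8)))))
```

The lost unit A shows up only as a letter that appears from one block to the next, which the check ignores; moving the single timestamp 7/4 to 15/8 leaves the letter at 3/4 without a partner and the word stops being a reversal-encoding.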
References

[1] https://siglog.org/the-2016-alonzo-church-award-for-outstanding-contributions-to-logic-and-computation/, 2016.
[2] S. Akshay, Paul Gastin, and Shankara Narayanan Krishna. Analyzing Timed Systems Using Tree Automata. Logical Methods in Computer Science, Volume 14, Issue 2, May 2018. URL: https://lmcs.episciences.org/4489, doi:10.23638/LMCS-14(2:8)2018.
[3] Rajeev Alur and David L. Dill. A theory of timed automata. Theor. Comput. Sci., 126:183–235, 1994.
[4] Rajeev Alur, Limor Fix, and Thomas A. Henzinger. Event-clock automata: a determinizable class of timed automata. Theor. Comput. Sci., 211:253–273, January 1999.
[5] Eugene Asarin and Oded Maler. As soon as possible: Time optimal control for timed automata. In Proc. of HSCC’99, HSCC ’99, pages 19–30, London, UK, UK, 1999. Springer-Verlag. URL: http://dl.acm.org/citation.cfm?id=646879.710314.
[6] Eugene Asarin, Oded Maler, Amir Pnueli, and Joseph Sifakis. Controller synthesis for timed automata. In Proc. of the 5th IFAC Conference on System Structure and Control (SSSC’98), volume 31, pages 447–452, 1998. doi:https://doi.org/10.1016/S1474-6670(17)42032-5.
[7] Christel Baier, Nathalie Bertrand, Patricia Bouyer, and Thomas Brihaye. When are timed automata determinizable? In Susanne Albers, Alberto Marchetti-Spaccamela, Yossi Matias, Sotiris Nikoletseas, and Wolfgang Thomas, editors, Proc of ICALP’09, pages 43–54, Berlin, Heidelberg, 2009. Springer Berlin Heidelberg.
[8] Vince Bárány, Christof Löding, and Olivier Serre. Regularity problems for visibly pushdown languages. In Proc. of STACS’06, STACS’06, pages 420–431, Berlin, Heidelberg, 2006. Springer-Verlag. URL: http://dx.doi.org/10.1007/11672142_34, doi:10.1007/11672142_34.
[9] Gerd Behrmann, Alexandre David, Kim G. Larsen, John Hakansson, Paul Petterson, Wang Yi, and Martijn Hendriks. Uppaal 4.0. In Proceedings of the 3rd International Conference on the Quantitative Evaluation of Systems, QEST ’06, pages 125–126, Washington, DC, USA, 2006. IEEE Computer Society. doi:10.1109/QEST.2006.59.
[10] Nathalie Bertrand, Amélie Stainer, Thierry Jéron, and Moez Krichen. A game approach to determinize timed automata. Formal Methods in System Design, 46(1):42–80, 2015. doi:10.1007/s10703-014-0220-1.
[11] Mikołaj Bojańczyk, Bartek Klin, and Sławomir Lasota. Automata theory in nominal sets. Logical Methods in Computer Science, 10(3:4):paper 4, 2014.
[12] Mikolaj Bojańczyk and Sławomir Lasota. A machine-independent characterization of timed languages. In Proc. ICALP 2012, pages 92–103, 2012.
[13] Patricia Bouyer, Fabrice Chevalier, and Deepak D’Souza. Fault diagnosis using timed automata. In Proc. of FOSSACS’05, pages 219–233, Berlin, Heidelberg, 2005. Springer-Verlag. doi:10.1007/978-3-540-31982-5_14.
[14] Thomas Brihaye, Thomas A. Henzinger, Vinayak S. Prabhu, and Jean-François Raskin. Minimum-time reachability in timed games. In Lars Arge, Christian Cachin, Tomasz Jurdziński, and Andrzej Tarlecki, editors, In Proc. of ICALP’07, pages 825–837, Berlin, Heidelberg, 2007. Springer Berlin Heidelberg.
[15] Michaël Cadilhac, Alain Finkel, and Pierre McKenzie. On the expressiveness of Parikh automata and related models. In Rudolf Freund, Markus Holzer, Carlo Mereghetti, Friedrich Otto, and Beatrice Palano, editors, Proc. of NCMA’11, volume 282 of [email protected], pages 103–119. Austrian Computer Society, 2011.
[16] Franck Cassez, Alexandre David, Emmanuel Fleury, Kim G. Larsen, and Didier Lime. Efficient on-the-fly algorithms for the analysis of timed games. In Martín Abadi and Luca de Alfaro, editors, Proc. of CONCUR’05, pages 66–80, Berlin, Heidelberg, 2005. Springer Berlin Heidelberg.
[17] Pierre Chambart and Philippe Schnoebelen. The ordinal recursive complexity of lossy channel systems. In Proc. of LICS’08, pages 205–216, 2008.
[18] Lorenzo Clemente, Piotr Hofman, and Patrick Totzke. Timed Basic Parallel Processes. In Wan Fokkink and Rob van Glabbeek, editors, Proc. of CONCUR’19, volume 140 of Leibniz International Proceedings in Informatics (LIPIcs), pages 15:1–15:16, Dagstuhl, Germany, 2019. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik. URL: http://drops.dagstuhl.de/opus/volltexte/2019/10917, doi:10.4230/LIPIcs.CONCUR.2019.15.
[19] Lorenzo Clemente, Sławomir Lasota, and Radosław Piórkowski. Timed games and deterministic separability. In Proc. of ICALP 2020, pages 121:1–121:16, 2020.
[20] Hubert Comon and Yan Jurski. Timed automata and the theory of real numbers. In Proc. of CONCUR’99, pages 242–257, London, UK, UK, 1999. Springer-Verlag.
[21] C. Dima. Computing reachability relations in timed automata. In Proc. of LICS’02, pages 177–186, 2002.
[22] John Fearnley and Marcin Jurdziński. Reachability in two-clock timed automata is PSPACE-complete. Information and Computation, 243:26–36, 2015. doi:http://dx.doi.org/10.1016/j.ic.2014.12.004.
[23] Olivier Finkel. Undecidable problems about timed automata. In Proc. of FORMATS’06, pages 187–199, Berlin, Heidelberg, 2006. Springer-Verlag. URL: http://dx.doi.org/10.1007/11867340_14, doi:10.1007/11867340_14.
[24] Martin Fränzle, Karin Quaas, Mahsa Shirmohammadi, and James Worrell. Effective definability of the reachability relation in timed automata. Information Processing Letters, 153:105871, 2020. doi:https://doi.org/10.1016/j.ipl.2019.105871.
[25] Laurent Fribourg. A closed-form evaluation for extended timed automata. Technical report, CNRS & ECOLE NORMALE SUPERIEURE DE CACHAN, 1998.
[26] Paul Gastin, Sayan Mukherjee, and B. Srivathsan. Reachability in Timed Automata with Diagonal Constraints. In Sven Schewe and Lijun Zhang, editors, Proc. of CONCUR’18, volume 118 of Leibniz International Proceedings in Informatics (LIPIcs), pages 28:1–28:17, Dagstuhl, Germany, 2018. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik. URL: http://drops.dagstuhl.de/opus/volltexte/2018/9566, doi:10.4230/LIPIcs.CONCUR.2018.28.
[27] Paul Gastin, Sayan Mukherjee, and B. Srivathsan. Fast algorithms for handling diagonal constraints in timed automata. In Isil Dillig and Serdar Tasiran, editors, Computer Aided Verification, pages 41–59, Cham, 2019. Springer International Publishing.
[28] Stefan Göller and Paweł Parys. Bisimulation finiteness of pushdown systems is elementary. In Proc. of LICS’20, pages 521–534, 2020.
[29] R. Govind, Frédéric Herbreteau, B. Srivathsan, and Igor Walukiewicz. Revisiting Local Time Semantics for Networks of Timed Automata. In Wan Fokkink and Rob van Glabbeek, editors, Proc. of CONCUR 2019, volume 140 of Leibniz International Proceedings in Informatics (LIPIcs), pages 16:1–16:15, Dagstuhl, Germany, 2019. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik. URL: http://drops.dagstuhl.de/opus/volltexte/2019/10918, doi:10.4230/LIPIcs.CONCUR.2019.16.
[30] Frédéric Herbreteau, B. Srivathsan, and Igor Walukiewicz. Better abstractions for timed automata. Information and Computation, 251:67–90, 2016. doi:https://doi.org/10.1016/j.ic.2016.07.004.
[31] Marcin Jurdziński and Ashutosh Trivedi. Reachability-time games on timed automata. In In Proc. of ICALP’07, pages 838–849, Berlin, Heidelberg, 2007. Springer-Verlag. URL: http://dl.acm.org/citation.cfm?id=2394539.2394637.
[32] Pavel Krčál and Radek Pelánek. On sampled semantics of timed systems. In Sundar Sarukkai and Sandeep Sen, editors, In Proc. of FSTTCS’05, volume 3821 of LNCS, pages 310–321. Springer, 2005. URL: http://dx.doi.org/10.1007/11590156_25.
[33] M. Kwiatkowska, G. Norman, and D. Parker. PRISM 4.0: Verification of probabilistic real-time systems. In G. Gopalakrishnan and S. Qadeer, editors, Proc. of CAV’11, volume 6806 of LNCS, pages 585–591. Springer, 2011.
[34] Slawomir Lasota and Igor Walukiewicz. Alternating timed automata. ACM Trans. Comput. Logic, 9(2):10:1–10:27, 2008. URL: http://doi.acm.org/10.1145/1342991.1342994, doi:10.1145/1342991.1342994.
[35] Oded Maler and Amir Pnueli. On recognizable timed languages. In Igor Walukiewicz, editor, Proc. of FOSSACS’04, volume 2987 of LNCS, pages 348–362. Springer Berlin Heidelberg, 2004. URL: http://dx.doi.org/10.1007/978-3-540-24727-2_25, doi:10.1007/978-3-540-24727-2_25.
[36] Richard Mayr. Undecidable problems in unreliable computations. Theor. Comput. Sci., 297(1-3):337–354, March 2003. URL: http://dx.doi.org/10.1016/S0304-3975(02)00646-1, doi:10.1016/S0304-3975(02)00646-1.
[37] Brian Nielsen and Arne Skou. Automated test generation from timed automata. International Journal on Software Tools for Technology Transfer, 5(1):59–77, Nov 2003. doi:10.1007/s10009-002-0094-1.
[38] Joël Ouaknine and James Worrell. On the language inclusion problem for timed automata: Closing a decidability gap. In Proc. of LICS’04, pages 54–63, 2004. doi:10.1109/LICS.2004.1319600.
[39] Joel Ouaknine and James Worrell. On the decidability and complexity of Metric Temporal Logic over finite words. Logical Methods in Computer Science, Volume 3, Issue 1, February 2007. URL: https://lmcs.episciences.org/2230, doi:10.2168/LMCS-3(1:8)2007.
[40] Jeffrey Shallit. A Second Course in Formal Languages and Automata Theory. 2008.
[41] P. Vijay Suman, Paritosh K. Pandya, Shankara Narayanan Krishna, and Lakshmi Manasa. Timed automata with integer resets: Language inclusion and expressiveness. In Proc. of FORMATS’08, pages 78–92, Berlin, Heidelberg, 2008. Springer-Verlag. doi:10.1007/978-3-540-85778-5_7.
[42] Martin Tappler, Bernhard K. Aichernig, Kim Guldstrand Larsen, and Florian Lorber. Time to learn - learning timed automata from tests. In Étienne André and Mariëlle Stoelinga, editors, Proc. of FORMATS’19, pages 216–235, Cham, 2019. Springer International Publishing.
[43] Stavros Tripakis. Folk theorems on the determinization and minimization of timed automata. Inf. Process. Lett., 99(6):222–226, September 2006.
[44] Leslie G. Valiant. Regularity and related problems for deterministic pushdown automata. J. ACM, 22(1):1–10, January 1975. URL: http://doi.acm.org/10.1145/321864.321865, doi:10.1145/321864.321865.
[45] Rüdiger Valk and Guy Vidal-Naquet. Petri nets and regular languages. Journal of Computer and System Sciences, 23(3):299–325, 1981. doi:http://dx.doi.org/10.1016/0022-0000(81)90067-2.
[46] Sicco Verwer, Mathijs de Weerdt, and Cees Witteveen. An algorithm for learning real-time automata. In Proc of. the Annual Belgian-Dutch Machine Learning Conference (Benelearn’078), 2007.
A Proofs for Section 3 (cid:73)
Fact 3.2.
The timed transition system (cid:74) A (cid:75) is invariant. Proof.
Suppose c = ( p, µ, t ) a,t −−→ ( p , µ , t ) = c due to some transition rule of A whose clockconstraint ϕ compares values of clocks x , i.e., the differences t − µ ( x ), to integers. Sincea timed automorphism π preserves integer distances, the same clock constraint is satisfiedin π ( c ) = ( p, π ◦ µ, π ( t )), and therefore the same transition rule is applicable yielding thetransition ( p, π ◦ µ, π ( t )) a,π ( t ) −−−−→ ( p, π ◦ µ , π ( t )) = π ( c ). (cid:74) . Clemente, S. Lasota, and R. Piórkowski 38:19 (cid:73) Fact 3.4 (Invariance of the language of a configuration) . The language L A ( p, µ, t ) is ( µ ( X ) ∪ { t } ) -invariant. Moreover, if A is always resetting, then L A ( p, µ, t ) is µ ( X ) -invariant. Proof.
This is a direct consequence of the invariance of semantics. Indeed, for every( µ ( X ) ∪ { t } )-timed permutation π the configurations c = ( p, µ, t ) and π ( c ) = ( p, π ◦ µ, π ( t ))are equal, hence their languages L A ( c ) and L A ( π ( c )), the latter equal to π ( L A ( c )) by Fact 3.3,are equal too. Thus, L = π ( L ). Finally, if A is always resetting, then t ∈ µ ( X ), from whichthe second claim follows. (cid:74)(cid:73) Fact 3.3 (Invariance of the language semantics) . The function c L A ( c ) from (cid:74) A (cid:75) tolanguages is invariant, i.e., for all timed permutations π , L A ( π ( c )) = π ( L A ( c )) . Proof.
Consider a timed permutation π and an accepting run of A over a timed word w = ( a , t ) . . . ( a n , t n ) ∈ T ≥ t (Σ) starting in c = ( p, µ, t ):( p, µ, t ) a ,t −−−→ · · · a n ,t n −−−→ ( q, ν, t n ) , After a i is read, the value of each clock is either the difference t i − µ ( x ) for some 1 ≤ i ≤ n and clock x ∈ X , or the difference t i − t j for some 1 ≤ j ≤ i . Likewise is the difference ofvalues of any two clocks. Thus clock constraints of transition rules used in the run comparethese differences to integers. As timed automorphism π preserves integer differences, byexecuting the same sequence of transition rules we obtain the run over π ( w ) starting in π ( c ) = ( p, π ◦ µ, π ( t )):( p, π ◦ µ, π ( t )) a ,π ( t ) −−−−−→ · · · a n ,π ( t n ) −−−−−→ ( q, π ◦ ν, π ( t n )) , also accepting as it ends in the same location q . As w ∈ T (Σ) can be chosen arbitrarily, wehave thus proved one of inclusions, namely π ( L A ( p, µ, t )) ⊆ L A ( p, π ◦ µ, π ( t )) . The other inclusion follows from the latter one applied to π − and L A ( p, π ◦ µ, π ( t )): π − ( L A ( p, π ◦ µ, π ( t ))) ⊆ L A ( p, π − ◦ π ◦ µ, π − ( π ( t ))) = L A ( p, µ, t ) . The two implications prove the equality. (cid:74)(cid:73)
Lemma 3.5.
For finite subsets
S, S ⊆ R ≥ , if a timed language L is both S -invariant and S -invariant, then it is also S -invariant where S = fract ( S ) ∩ fract ( S ) . Proof.
Let L be an S - and S -invariant timed language, and let F = fract ( S ) and F = fract ( S ). Towards proving that L is an ( F ∩ F )-invariant subset of T (Σ), consider two timedwords w, w ∈ T (Σ) such that w = π ( w ) for some ( F ∩ F )-timed automorphism π . We needto show that w ∈ L iff w ∈ L , which follows immediately by the following claim: (cid:66) Claim A.1.
Every ( F ∩ F )-timed automorphism π decomposes into π = π n ◦ · · · ◦ π ,where each π i is either F - or F -timed automorphism.Indeed, due to F - and F -invariance of L , we have w ∈ L iff w ∈ L as required.As it has been proved in [11], instead of dealing with decomposition of π , it is sufficientto analyse the individual orbit of F − F , in the special case when both F − F and F − F are singleton sets. The proof of Theorem 10.3 in [11] may be repeated here to prove that thelast claim above is implied by the following one: (cid:66) Claim A.2.
Let
F, F ⊆ [0 ,
1) be finite sets s.t. F − F = { t } and F − F = { t } . For every( F ∩ F )-timed automorphism π we have π ( t ) = ( π n ◦ · · · ◦ π )( t ), for some π , . . . , π n , eachof which is either F - or F -timed automorphism.The proof of the claim is split into two cases. C O N C U R 2 0 2 0
Case F ∩ F = ∅ . Let l be the greatest element of F ∩ F smaller than t , and let h be thesmallest element of F ∩ F greater than t , assuming they both exist. (If l does not existput l := h −
1, where h is the greatest element of F ∩ F ; symmetrically, if h does notexists put h := l + 1, where l is the smallest element of F ∩ F .) Then the ( F ∩ F )-orbit { π ( t ) | π is a ( F ∩ F )-timed automorphism } is the open interval ( l, h ). Take any ( F ∩ F )-timed automorphism π ; without loss of generality assume that u = π ( t ) > t . The onlyinteresting case is t < t ≤ u . In this case, we show π ( π ( t )),where π is some F -timed automorphism that acts as identity on [ t , l + 1] and s.t. t < π ( t ) < t , π is some F -timed automorphism that acts as identity on [ h − , t ] and s.t. π ( π ( t )) = u . Case F ∩ F = ∅ . Thus F = { t } and F = { t } . Take any timed automorphism π ; withoutloss of generality assume that π ( t ) > t . Let z ∈ Z be the unique integer s.t. t + z − < t < t + z .Let π be an arbitrary { t } -timed automorphism that maps t to some t ∈ ( t, t + z ). Note that t may be any value in ( t, t + z ). Similarly, let π be an arbitrary { t } -timed automorphismthat maps t to some t ∈ ( t , t + 1). Again, t may be any value in ( t , t + 1). By repeatingthis process sufficiently many times one finally reaches π ( t ) as required. (cid:74) B Proofs for Section 4 (cid:66)
Claim 4.6 (Invariance of Y). For every two transitions (X, S) −a,t→ (X, S) and (X, S) −a,t→ (X, S) in Y and a timed permutation π, if π(X) = X and π(S) = S and π(t) = t, then we have π(X) = X and π(S) = S.

Proof. Let i range over { , } and let X̃_i := succ a,t_i (X_i). Thus S_i is the least subset of S_i ∪ {t_i} containing t_i such that L A (X̃_i) is S_i-invariant, and X_i = Π S_i (X̃_i). By invariance of ⟦A⟧ (Fact 3.2) and invariance of semantics (Fact 3.3) we get π(X̃) = X̃, and π(L A (X̃)) = L A (X̃), and therefore π(S) = S, which implies π(X) = X.

Claim 4.8 (Invariance of Z). For every two transitions (X, µ) −a,t→ (X, µ) and (X, µ) −a,t→ (X, µ) in Z and a timed permutation π, if π(X) = X and π ◦ µ = µ and π(t) = t, then we have π(X) = X and π ◦ µ = µ.

Proof. Let i range over { , }. Let S_i = µ_i(X) and (X_i, S_i) −a,t_i→ (X_i, S_i) in Y. By Claim 4.6 we have π(X) = X and π(S) = S. Since π ◦ µ = µ and the definition (3) is invariant: π ◦ (µ) = (π ◦ µ), we derive π ◦ µ = µ.

C Proofs for Section 5
Lemma 5.2. The set of reachable configurations Reach(M) is finite if, and only if, L(A) is a deterministic timed language.

Proof. For the “only if” direction, if Reach(M) is finite then there is some k s.t. every reachable configuration u has size u(c) + u(c) + u(c) + u(c) + 1 ≤ k, and thus the set of reversals of accepting runs can be recognised by a dta_(k+1), and thus also its complement can be recognised by a (k + 1)-dta.

For the “if” direction, if Reach(M) is infinite, then there exist reachable configurations with arbitrarily large counter values. Suppose, towards reaching a contradiction, that L(A) is recognised by a dta_k. Thus also its complement, that is the set of reversal-encodings of runs of M, is recognised by some dta_k B. There exists a run π of M where some counter value exceeds k, and thus when B reads the reversal-encoding of π it must forget some timestamp (say) (c, t) in some configuration p_{i+1} δ_{i+1} u_{i+1}. Since t is forgotten, we can perturb its corresponding (c, t + 1) in p_i δ_i u_i to any value (c, t) s.t. t − t = 1 and obtain a new word still accepted by A, but which is no longer the reversal-encoding of a run of M, thus reaching the sought contradiction.

Lemma 5.5. Let k, m ∈ N and let Y be a class of timed languages that contains all the timeless timed languages, is closed under union and composition, and contains some non-dta_k (resp. non-dta_{k,m}) language. The universality problem for languages in Y reduces in polynomial time to the dta_k (resp. dta_{k,m}) membership problem for languages in Y.

Proof. We consider dta_k membership (the dta_{k,m} membership is treated similarly). Consider some fixed timed language M ∈ Y which is not recognised by any dta_k (relying on the assumption 3), over an alphabet Γ. For a given timed language L ∈ Y, over an alphabet Σ, we construct the following language over the extended alphabet Σ ∪ Γ ∪ {$}:

N := L · {$} · T(Γ) ∪ T(Σ) · {$} · M ⊆ T(Σ ∪ Γ ∪ {$}),

where $ Σ ∪ Γ is a fixed fresh alphabet symbol. Since Y contains all timeless timed languages due to the assumption 1, and is closed under union and composition due to the assumption 2, the language N belongs to Y.

Claim. L = T(Σ) if, and only if, N is recognised by a dta_k.

For the “only if” direction, if L = T(Σ) then clearly N = T(Σ) · {$} · T(Γ). Thus N is timeless and in consequence N is recognised by a dta_k, as dta_k recognise all timeless timed languages for any k ≥ N is recognised by a dta_k A but L = T(Σ). Assume, w.l.o.g., that A is greedily resetting. Choose an arbitrary timed word w = (a, t) . . . (a_n, t_n) L over Σ. Therefore, for any extension v = (a, t) . . . (a_n, t_n)($, t_n + t) of w by one letter, we have

v − N = t + M = {(b, t + u) . . . (b_m, t + u_m) | (b, u) . . . (b_m, u_m) ∈ M}.

Choose t larger than the largest absolute value m of constants appearing in clock constraints in A, and let (p, µ) be the configuration reached by A after reading v. As t > m, all the clocks are reset by the last transition and hence µ(x) = 0 for all clocks x. Consequently, if the initial control location of A were moved to the location p, the so modified dta_k A would accept the language M. But this contradicts our initial assumption that M is not recognised by a dta_k, thus finishing the proof.