Before introducing timed temporal logics, we have to extend the modeling formalism over whose paths these logics are evaluated. This modeling formalism, timed transition systems, has two types of transitions: a delay transition that only updates clocks, and a discrete transition that moves from a (logical) state to another state. Because time is often infinite (for example all natural numbers $\mathbb{N}$), so is the state space of such a timed transition system. Therefore, we will first discuss timed automata by Alur et al. (1993) and use them as a finite description of such a timed transition system.
Timed automata are an extension of finite automata that add so-called clocks. A clock (commonly denoted with $x, y, z$) is a variable that automatically increases over time, and can only be reset but not otherwise updated. We define a clock valuation as a function $\eta : C \to \mathbb{R}_{>0}$ that assigns a (current) time value to every clock, and define $Eval(C)$ as the set of all possible clock valuations for a set of clocks $C$. Furthermore, clock constraints (denoted $CC(C)$, "the clock constraints over the clocks $C$") are boolean expressions that compare clocks with fixed values; for instance, for a clock $x$, a clock constraint might be $x < 7$. A timed automaton employs clock constraints as guards and invariants. A guard enables a transition when its clock constraint is satisfied, so a transition with guard $x < 7$ can only be taken while the clock $x$ has a value less than seven. An invariant is a clock constraint on a state that disallows staying in or moving to that state when the clock constraint is violated. A state with invariant $x < 7$ must therefore be left before the clock $x$ reaches seven, and cannot be entered once it has. If there is a situation where the only possible continuation violates an invariant, the system is considered timelocked and no progress (delay or discrete) can be made.
A timed automaton over a set of atomic propositions ($AP$) is given by a tuple $(Loc, Loc_0, Act, C, R', Inv, L)$ [7]:
$Loc$: a set of states
$Loc_0 \subseteq Loc$: a set of initial states
$Act$: a set of actions
$C$: a set of clock variables
$R' \subseteq Loc \times CC(C) \times Act \times 2^C \times Loc$: a transition relation between two states, carrying a clock constraint acting as guard, an action, and a (possibly empty) subset of clocks to reset
$Inv : Loc \to CC(C)$: a mapping from states to their invariants (which are clock constraints)
$L : Loc \to 2^{AP}$: labeling function
A timed path is a sequence of tuples of state and clock valuation $(s_0, \eta_0), (s_1, \eta_1), (s_2, \eta_2), \ldots$ for which $s_0 \in Loc_0$, $\eta_0 = 0$, and for all $i \geq 0$ there is a transition from $s_i$ to $s_{i+1}$ such that $\eta_i$ satisfies the guard of that transition and $\eta_i$ also satisfies the invariant on state $s_{i+1}$. For a given timed automaton $(Loc, Loc_0, C, R', Inv, L)$, we define the timed transition system $M = (S, I, C, R, L)$ [8] as a structure that encodes all possible timed paths of the timed automaton. Intuitively, this timed transition system has a state for every combination of a location in the timed automaton and a clock valuation, and transitions of two types:
Delay Transition: a transition from $(s, \eta)$ to $(s, \eta + d)$ for all $d \in \mathbb{R}_{>0}$ iff $\eta + d$ satisfies the invariant on $s$.
Discrete Transition: a transition from $(s, \eta)$ to $(s', \eta')$ iff there is a transition $t$ from $s$ to $s'$ in the timed automaton, $\eta$ satisfies the guard on $t$, $\eta'$ satisfies the invariant on $s'$, and $\eta'$ is $\eta$ with all clocks reset by $t$ set to zero.
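As an added example (not part of the original text or of any tool it cites), the following Python encodes the tuple above and the two transition types, and replays a sequence of delays and actions into a timed path. The automaton, its clock $x$, locations q1 to q3 and actions `go`/`stop` are constructed for this illustration and are not the automaton of Figure 4.3. Clock constraints are restricted to conjunctions of comparisons of one clock with an integer constant, which is enough to decide whether any positive delay is still allowed by an invariant and therefore whether a state is timelocked.

```python
import operator
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, FrozenSet, List, Optional, Tuple, Union

# A clock valuation eta : C -> R (Fractions keep the arithmetic exact).
Valuation = Dict[str, Fraction]


@dataclass(frozen=True)
class Atom:
    """One comparison of a clock with a constant, e.g. Atom('x', '<', 7) for x < 7."""
    clock: str
    op: str      # one of '<', '<=', '>', '>='
    bound: int


# A clock constraint in CC(C): a conjunction of atoms; the empty tuple means 'true'.
Constraint = Tuple[Atom, ...]
_OPS = {'<': operator.lt, '<=': operator.le, '>': operator.gt, '>=': operator.ge}


def satisfies(eta: Valuation, cc: Constraint) -> bool:
    return all(_OPS[a.op](eta[a.clock], a.bound) for a in cc)


@dataclass(frozen=True)
class Edge:
    """One element of R': (source, guard, action, reset set, target)."""
    src: str
    guard: Constraint
    action: str
    resets: FrozenSet[str]
    dst: str


@dataclass
class TimedAutomaton:
    """(Loc, Loc0, Act, C, R', Inv, L); a location missing from inv has invariant 'true'."""
    loc: FrozenSet[str]
    loc0: FrozenSet[str]
    act: FrozenSet[str]
    clocks: FrozenSet[str]
    edges: Tuple[Edge, ...]
    inv: Dict[str, Constraint]
    labels: Dict[str, FrozenSet[str]]

    def invariant(self, s: str) -> Constraint:
        return self.inv.get(s, ())


State = Tuple[str, Valuation]


def initial_states(ta: TimedAutomaton) -> List[State]:
    """All (s0, eta0) with s0 in Loc0 and eta0 = 0."""
    return [(s, {c: Fraction(0) for c in ta.clocks}) for s in sorted(ta.loc0)]


def delay(ta: TimedAutomaton, state: State, d) -> Optional[State]:
    """Delay transition: (s, eta) -> (s, eta + d) for d > 0 iff eta + d satisfies Inv(s)."""
    s, eta = state
    d = Fraction(d)
    if d <= 0:
        raise ValueError("delay must be positive")
    eta2 = {c: v + d for c, v in eta.items()}
    return (s, eta2) if satisfies(eta2, ta.invariant(s)) else None


def discrete(ta: TimedAutomaton, state: State, action: str) -> List[State]:
    """Discrete transitions: every (s', eta') reached by an edge of R' labelled `action`
    whose guard holds in eta and whose target invariant holds after applying the resets."""
    s, eta = state
    out = []
    for e in ta.edges:
        if e.src != s or e.action != action or not satisfies(eta, e.guard):
            continue
        eta2 = {c: (Fraction(0) if c in e.resets else v) for c, v in eta.items()}
        if satisfies(eta2, ta.invariant(e.dst)):
            out.append((e.dst, eta2))
    return out


def can_delay(ta: TimedAutomaton, state: State) -> bool:
    """True iff some positive delay keeps Inv(s) satisfied. Clocks only grow, so only the
    upper-bound atoms of the invariant can be broken; each needs strictly positive slack."""
    s, eta = state
    return all(not (a.op in ('<', '<=') and eta[a.clock] >= a.bound) for a in ta.invariant(s))


def is_timelocked(ta: TimedAutomaton, state: State) -> bool:
    """Neither a delay nor any discrete transition is enabled from this state."""
    return not can_delay(ta, state) and not any(discrete(ta, state, a) for a in ta.act)


Move = Union[Fraction, int, str]   # a number is a delay d, a string is an action


def run(ta: TimedAutomaton, moves: List[Move]) -> List[State]:
    """Replay moves from the first initial state, returning the timed path
    (s_0, eta_0), (s_1, eta_1), ...; raises if a move is not enabled."""
    path = [initial_states(ta)[0]]
    for m in moves:
        if isinstance(m, str):
            succ = discrete(ta, path[-1], m)
            if not succ:
                raise ValueError(f"action {m!r} not enabled in {path[-1]}")
            path.append(succ[0])   # the constructed automaton is deterministic per action
        else:
            nxt = delay(ta, path[-1], m)
            if nxt is None:
                raise ValueError(f"delay {m} violates the invariant in {path[-1]}")
            path.append(nxt)
    return path


# Constructed example automaton (assumption: not the one in Figure 4.3). q1 (start) must be
# left before x reaches 10; q2 may only be stayed in while x <= 2; q3 also has x <= 2 but
# its only exit needs x >= 5, so q3 timelocks as soon as x reaches 2.
X = 'x'
TA = TimedAutomaton(
    loc=frozenset({'q1', 'q2', 'q3'}),
    loc0=frozenset({'q1'}),
    act=frozenset({'go', 'stop'}),
    clocks=frozenset({X}),
    edges=(
        Edge('q1', (Atom(X, '>=', 3),), 'go', frozenset({X}), 'q2'),
        Edge('q2', (Atom(X, '>=', 1),), 'go', frozenset(), 'q1'),
        Edge('q2', (Atom(X, '>=', 1),), 'stop', frozenset(), 'q3'),
        Edge('q3', (Atom(X, '>=', 5),), 'go', frozenset(), 'q1'),
    ),
    inv={'q1': (Atom(X, '<', 10),), 'q2': (Atom(X, '<=', 2),), 'q3': (Atom(X, '<=', 2),)},
    labels={'q1': frozenset({'a'}), 'q2': frozenset({'a', 'b'}), 'q3': frozenset({'b'})},
)

if __name__ == "__main__":
    for s, eta in run(TA, [4, 'go', 2, 'stop']):
        print(s, dict(eta), "timelocked" if is_timelocked(TA, (s, eta)) else "")
```

Replaying `[4, 'go', 2, 'stop']` yields the timed path (q1, x=0), (q1, x=4), (q2, x=0), (q2, x=2), (q3, x=2); the final state is timelocked because the invariant $x \leq 2$ forbids any further delay and the guard $x \geq 5$ of the only outgoing edge can never be met. A delay of 10 from the initial state is rejected, since $x = 10$ violates the invariant $x < 10$ on q1.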
Finally, when evaluating a timed temporal logic over a timed transition system, paths that are zeno are not considered. A path is zeno if it has infinite length but does not take infinitely long time. Saying that something holds globally, for example, would be impossible for a path that has infinitely many steps but only finite duration.
The general flow for model checking a timed temporal logic formula $\varphi$ is: given a timed automaton, transform that timed automaton into a timed transition system $M$, and then prove that for all timed paths $p$ in $M$, $p \models \varphi$. This timed transition system can be seen as a timed version of the Kripke structure defined before.
[7] A different syntax is used here to prevent confusion with the timed transition systems discussed later. Definition based on (Baier et al., 2008, p. 678-679).
[8] Based on (Baier et al., 2008, p. 687-689), but made consistent with the definition of a Kripke structure by (Clarke et al., 1999, p. 14).
[Figure 4.3: a timed automaton with start location q1 (labeled {a}, invariant $t < 10$), q2 ({a,b}), q3 ({b,c}, invariant $t < 12$) and q4 ({b}); its transitions carry the guards $t \geq 3$, $t < 5$, $t \geq 5$ and $t < 10$.]
Figure 4.3: A timed automaton used to demonstrate the semantics of MTL and TCTL; the structure is similar to the Kripke structure in Figure 4.2.