Integer Reset Timed Automata: Clock Reduction and Determinizability by Manasa, Lakshmi & S, Krishna.
arXiv:1001.1215v1 [cs.FL] 8 Jan 2010
Integer Reset Timed Automata: Clock
Reduction and Determinizability
Lakshmi Manasa and Shankara Narayanan Krishna
Department of Computer Science & Engineering,
IIT Bombay, Powai, Mumbai-76, India.
{manasa,krishnas}@cse.iitb.ac.in
Abstract. In this paper, we propose a procedure that given an integer
reset timed automaton (IRTA) A, produces a language equivalent deter-
ministic one clock IRTA B whose size is at most doubly exponential in
the size of A. We prove that this bound on the number of locations is
tight. Further, if integer resets are used in stopwatch automata, a sub-
class of stopwatch automata which is closed under all boolean operations
and for which reachability is decidable is obtained.
1 Introduction
It is well known that for timed automata [3], emptiness checking is PSPACE-
complete. This has paved the way for using timed automata in the verification
of real-time systems; several algorithms and tools have been built on this result.
Even though emptiness checking is decidable, universality and inclusion are
undecidable for non-deterministic timed automata with more than one clock.
Further, timed automata cannot be determinized in general. Investigations have
shown that even restricted classes like the one considered in [1] have undecidable
universality. Some of the known classes where timed automata can be effectively
determinized are event clock automata (ECA) [4] and integer reset timed automata
(IRTA) [10]. [5] gives a condition under which timed automata are determinizable:
they give a procedure to obtain a language equivalent deterministic infinite timed
tree corresponding to a timed automaton A, and A can be determinized if the
number of clocks per node in this tree is bounded. ECA and IRTA fall into this
category.
Integer reset timed automata were introduced in [10]. For a timed automaton
A and an IRTA B, [10] and [11] decide the question "is L(A) ⊆ L(B)" with
non-primitive recursive complexity and in EXPSPACE respectively. [12] gives a
technique for obtaining a language equivalent determinized one clock IRTA A′
from an IRTA A, with a triply exponential blow up in the number of locations.
Subsequently, [13] proposes a technique to obtain from an IRTA or ε-IRTA A a
one clock ε-IRTA, with a doubly exponential blow up in the number of locations.
The result in [13] cannot be considered an improvement over the one in [12], since
the final IRTA obtained has ε-moves (even when we start with an IRTA without
ε-moves). The determinization technique suggested in [5], applied to an IRTA A,
gives a deterministic timed automaton B (not an IRTA) whose size is doubly
exponential in the size of A and which has at most cm + 1 clocks, where cm is the
largest constant used in the guards of A.
As the main result of this paper, we show that starting with an IRTA A, we
can obtain a determinized one clock IRTA B whose size is doubly exponential in
the size of A. Comparing this result to the earlier works of [12], [13] and [5], we
note the following.
– Our technique is extremely simple in comparison to the δ−X theory used in
[12], [13]. [13] introduces ε moves in the one clock IRTA obtained even when
the initial IRTA did not have any, while [12] has a higher complexity.
– [5] gives rise to a deterministic timed automaton with cm + 1 clocks, while
we obtain a deterministic one clock IRTA.
– Finally, we prove that the doubly exponential bound is tight. This has not
been established in any of these earlier works.
2 Preliminaries
For any set S, S∗ (Sω) denotes the set of all finite (infinite) strings over S.
S∞ = S∗∪Sω . We consider as time domain T the set Q+ or R+ of non-negative
rationals or reals, and Σ a finite set of actions. A time sequence over T is a finite
(infinite) non-decreasing sequence t = (ti)i≥0 ; for simplicity t0 is taken to be zero
always. For t ∈ T, int(t) and frac(t) represent its integral and fractional parts
respectively. A timed word over Σ is defined as ρ = (σ, t), where σ = (σi)i≥1 is
a finite (infinite) sequence of symbols in Σ and t = (ti)i≥1 is a finite (infinite)
sequence in T∞. A timed language L is a set of timed words.
We consider a finite set of variables X called clocks. A clock valuation over X
is a map ν : X → T mapping each clock x ∈ X to a time value. ν(x) represents
the value assigned to the clock x by ν. For t ∈ T, the valuation ν+ t is defined as
(ν + t)(x) = ν(x) + t, ∀x ∈ X . The set of all clock valuations over X is denoted
by TX. For the set of clocks X, the set of constraints (guards) over X, denoted
by C(X), is given by ϕ ::= x ∼ c | ϕ ∧ ϕ | ϕ ∨ ϕ where c ∈ N and ∼ ∈ {<, ≤, >, ≥, =, ≠}.
Clock constraints are interpreted over clock valuations. The relation ν |= ϕ
(valuation ν satisfies constraint ϕ) is defined as ν |= x ∼ c if ν(x) ∼ c. Clock
constraints allow us to test the values of clocks. In order to change these values,
we use the notion of resets. A reset φ is a subset of X which mentions which
set of clocks are reset. ν′ = ν[φ := 0] denotes ν′(z) = ν(z) for all z ∈ X\φ and
ν′(y) = 0 for all y ∈ φ. The set of all possible resets is 2X , the set of all subsets
of X .
Timed Automata: A timed automaton [3] is a tuple A = (L,L0, Σ,X,E, F )
where L is a finite set of locations; L0 ⊆ L is a set of initial locations; Σ is a finite
set of symbols; X is a finite set of clocks; E ⊆ L×L×Σ×C(X)× 2X is the set
of transitions and F ⊆ L is a set of final locations. C(X) and 2X are the set of
clock constraints and clock resets as described above. An edge e = (l, l′, a, ϕ, φ)
represents a transition from l to l′ on symbol a, with the valuation ν ∈ TX
satisfying the guard ϕ, and φ gives the resets of certain clocks. For a location l
and valuation ν, (l, ν) is called a state of A.
A path is a finite (infinite) sequence of consecutive transitions. The path
is said to be accepting if it starts in an initial location (l0 ∈ L0) and ends
in a final location (or repeats a final location infinitely often). A run r
through a path from a valuation ν′0 (with ν′0(x) = 0 for all x) is a sequence
$(l_0,\nu'_0) \xrightarrow{t_1} (l_0,\nu_1) \xrightarrow{(\sigma_1,\varphi_1,\phi_1)} (l_1,\nu'_1) \xrightarrow{t_2} (l_1,\nu_2) \xrightarrow{(\sigma_2,\varphi_2,\phi_2)} (l_2,\nu'_2) \cdots (l_n,\nu'_n)$.
Note that $\nu_i = \nu'_{i-1} + (t_i - t_{i-1})$, $\nu_i \models \varphi_i$, and $\nu'_i = \nu_i[\phi_i := 0]$ for $i \ge 1$. The timed
word corresponding to r is ρ = (σ1, t1)(σ2, t2) · · · (σn, tn). A timed word ρ is
accepted by A iff there exists an accepting run (through an accepting path) over
A, the word corresponding to which is ρ. The timed language L(A) accepted
by A is defined as the set of all timed words accepted by A. In the following
sections, we look at finite timed words.
Region Automata: Given a set X of clocks, let R be a partitioning of TX. Each
partition contains a set (possibly infinite) of clock valuations. Given α ∈ R, the
successors of α, represented by Succ(α), are defined as α′ ∈ Succ(α) if ∃ν ∈
α, ∃t ∈ T such that ν + t ∈ α′. The partition R is said to be a set of regions
iff α′ ∈ Succ(α) ⇐⇒ ∀ν ∈ α, ∃t ∈ T such that ν + t ∈ α′. A set of regions
is consistent with time elapse if two valuations which are equivalent (within
the same partition) stay equivalent with time elapse. A region α ∈ R is said
to satisfy a clock constraint ϕ ∈ C(X), denoted α |= ϕ, if ∀ν ∈ α, ν |= ϕ.
A clock reset φ ∈ 2X maps a region α to a region α[φ := 0] = α′ such that
α′ ∩ {ν[φ := 0]} ≠ ∅ for some ν ∈ α. A set of regions R is said to be compatible
with a set of clock constraints C(X) iff ∀ϕ ∈ C(X) and ∀α ∈ R exactly one of
the following holds: (a) α |= ϕ or (b) α |= ¬ϕ. A set of regions R is said to be
compatible with a set of clock resets 2X iff α′ = α[φ := 0] ⇒ ∀ν ∈ α, ∃ν′ ∈ α′
such that ν′ = ν[φ := 0].
Given a timed automaton A, and a set of regions R compatible with C(X)
and 2X, the region automaton R(A) = (Q, Q0, Σ, E′, F′) is defined as follows:
Q = L × R is the set of locations; Q0 = L0 × {α0} (α0 is the region where ν(x) = 0
for all x ∈ X) is the set of initial locations; F′ = F × R ⊆ Q is the set of final
locations; E′ ⊆ (Q × Σ × Q) is the set of edges. $(l,\alpha) \xrightarrow{a} (l',\alpha')$ is an edge in E′
if ∃α′′ ∈ R and a transition (l, l′, a, ϕ, φ) ∈ E such that (a) α′′ ∈ Succ(α), (b)
α′′ |= ϕ and (c) α′ = α′′[φ := 0]. The region automaton [3] is an abstraction of
the timed automaton accepting Untime(L(A)).
Theorem 1. Let A be a timed automaton. Then the problem of checking empti-
ness of L(A) is decidable. [3]
2.1 Integer Reset Timed Automata
An integer reset timed automaton (IRTA) [10] is a timed automaton A =
(L, L0, Σ, X, E, F) with the restriction that for every e = (l, l′, a, ϕ, φ) ∈ E,
if φ ≠ ∅ then ϕ contains at least one atomic clock constraint x = c for some
x ∈ X, c ∈ N. The clock constraint x = c in the guard of a resetting transition
ensures that all resets happen at integer time units (see also Lemma 1). The
timed automaton A shown in Figure 2.1 is an IRTA.
[Figure 2.1: locations S and T; edges S --a, x ≤ 1?--> S, S --a, x = 1?, y := 0--> T and T --b, y = 1?, x := 0--> S.]
Fig. 2.1. IRTA A.
Lemma 1. [11] Let A = (L,L0, Σ,X,E, F ) be an IRTA and ν be a clock valu-
ation in any given run in A. Then ∀x, y ∈ X, frac(ν(x)) = frac(ν(y)).
2.2 IRTA Regions
In this section, we look at the regions R of an IRTA. Given a set X of clocks, let R
be a finite partitioning of TX. The notions of successor of a region, compatibility
with guards and compatibility with resets are the same as defined earlier.
Let cm ∈ N be the maximum constant occurring in the guards C(X) of the
IRTA A. For the set of clocks X , define a set of intervals I as
I = {[c] | 0 ≤ c ≤ cm} ∪ {(c, c + 1) | 0 ≤ c < cm} ∪ {(cm, ∞)}
We denote the clock interval of t ∈ T as 〈t〉I . For example, if cm = 2, then
〈1〉I = [1], 〈1.2〉I = (1, 2) and 〈2.4〉I = (2,∞).
Let α be a tuple ((Ix)x∈X ,≺) where (i) Ix ∈ I is the clock interval of x ∈ X ,
(ii) ≺ is a total preorder on X0 = {x ∈ X | Ix is of the form (c, c + 1)}.
The region associated with α is the set of valuations ν ∈ TX such that for all
x ∈ X , ν(x) ∈ Ix and for all x, y ∈ X0, x ≺ y iff frac(ν(x)) ≤ frac(ν(y)).
Since the fractional parts of all clocks are same always (Lemma 1), we can drop
the preorder ≺ and consider α to be ((Ix)x∈X). For x ∈ X , α(x) = Ix. The
set of all such tuples α partitions TX and this is the set we consider to be
R. For a valuation ν, the clock region it belongs to is denoted as 〈ν〉R. For
example, if ν(x) = 2.3, ν(y) = 1.3, cm = 3, then 〈ν〉R = ((2, 3), (1, 2)). We drop
the subscripts for the notations 〈t〉I and 〈ν〉R whenever they are clear from the
context.
Consider the set of clock intervals I and the set of clock regions R defined
for the set of clocks X with the maximum clock constant being cm. For two
clock intervals I1, I2 ∈ I, we define I1 + I2 as the clock interval I ∈ I such
that ∀t1 ∈ I1, ∀t2 ∈ I2, ∃t ∈ I, such that t = t1 + t2. For a clock region
α = ({Ix}x∈X) ∈ R and a clock interval I ∈ I, we define α + I as the region
({Ix + I}x∈X).
Definition 1. Two timed words $\rho = (\sigma_1,t_1)(\sigma_2,t_2)\cdots(\sigma_n,t_n)$ and $\rho' = (\sigma'_1,t'_1)(\sigma'_2,t'_2)\cdots(\sigma'_n,t'_n)$ are said to be equivalent, denoted by $\rho \cong \rho'$, iff for all $i$ the following holds: (1) $\sigma_i = \sigma'_i$ and (2) $int(t_i) = int(t'_i)$, and $frac(t_i) = 0$ iff $frac(t'_i) = 0$.
Lemma 2. If A is an IRTA and ρ ≅ ρ′ then ρ ∈ L(A) iff ρ′ ∈ L(A) [11].
Consider the timed automaton A in Figure 2.2 and the two timed words ρ1 =
(a, 0.5)(c, 1.5) and ρ2 = (a, 0.5)(c, 1.4). We have ρ1 ≅ ρ2. However ρ1 ∈ L(A) while
ρ2 ∉ L(A): after the a at 0.5 resets y, the guard y = 1 of c holds at time 1.5 but not at
time 1.4. This shows that Lemma 2 need not hold for a timed automaton which is not an IRTA.
[Figure 2.2: locations S, T and U; edge S --a, 0 < x, y < 1?, y := 0--> T, and edges labelled b, 0 < y ≤ 1?, x := 0 and c, y = 1?.]
Fig. 2.2. Timed automaton A which is not an IRTA.
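The check behind Lemma 2 and the counterexample above, as an added example that is not part of the paper: a small Python simulator of timed-automaton runs (exact rational time stamps, sets of states to cover non-determinism) together with the equivalence relation of Definition 1. The automata of Figures 2.1 and 2.2 are encoded from their edge labels as constructed data; the final locations (T for Figure 2.1, U for Figure 2.2) and the targets of the b and c edges of Figure 2.2 are assumptions, since the figures do not survive extraction.

```python
from fractions import Fraction as F
from math import floor

OPS = {"<": lambda v, k: v < k, "<=": lambda v, k: v <= k, ">": lambda v, k: v > k,
       ">=": lambda v, k: v >= k, "==": lambda v, k: v == k, "!=": lambda v, k: v != k}

# Edges are (source, target, symbol, guard, resets); a guard is a conjunction of
# atomic constraints (clock, op, constant).  Constructed from the figure labels.
IRTA_FIG21 = {
    "clocks": ("x", "y"), "init": {"S"}, "final": {"T"},          # final location assumed
    "edges": [("S", "S", "a", [("x", "<=", 1)], set()),
              ("S", "T", "a", [("x", "==", 1)], {"y"}),
              ("T", "S", "b", [("y", "==", 1)], {"x"})],
}
TA_FIG22 = {   # not an IRTA: the reset of y on a happens at a non-integer time
    "clocks": ("x", "y"), "init": {"S"}, "final": {"U"},          # final location assumed
    "edges": [("S", "T", "a", [("x", ">", 0), ("x", "<", 1), ("y", ">", 0), ("y", "<", 1)], {"y"}),
              ("T", "S", "b", [("y", ">", 0), ("y", "<=", 1)], {"x"}),   # target assumed
              ("T", "U", "c", [("y", "==", 1)], set())],                 # target assumed
}

def word(*pairs):
    """Timed word as a list of (symbol, absolute time stamp) with exact rationals."""
    return [(a, F(t)) for a, t in pairs]

def equivalent(rho1, rho2):
    """Definition 1: same symbols, same integral parts, and the two time stamps
    agree on whether they are integral."""
    if len(rho1) != len(rho2):
        return False
    return all(a == b and floor(t) == floor(u) and (t == floor(t)) == (u == floor(u))
               for (a, t), (b, u) in zip(rho1, rho2))

def accepts(aut, rho):
    """Explore all runs of aut over rho as a set of (location, valuation) states,
    valuations being tuples of Fractions, and report whether one ends in F."""
    idx = {x: i for i, x in enumerate(aut["clocks"])}
    zero = tuple(F(0) for _ in aut["clocks"])
    states, now = {(l, zero) for l in aut["init"]}, F(0)
    for sym, t in rho:
        assert t >= now, "time stamps must be non-decreasing"
        nxt = set()
        for l, nu in states:
            elapsed = tuple(v + (t - now) for v in nu)          # let t - now time units pass
            for src, dst, s, guard, resets in aut["edges"]:
                if src == l and s == sym and all(OPS[op](elapsed[idx[x]], k) for x, op, k in guard):
                    nxt.add((dst, tuple(F(0) if x in resets else elapsed[i]
                                        for i, x in enumerate(aut["clocks"]))))
        states, now = nxt, t
    return any(l in aut["final"] for l, _ in states)

RHO1, RHO2 = word(("a", "0.5"), ("c", "1.5")), word(("a", "0.5"), ("c", "1.4"))

def lemma2_holds(aut, rho1, rho2):
    """For equivalent words, membership must agree (Lemma 2 for IRTA)."""
    return (not equivalent(rho1, rho2)) or accepts(aut, rho1) == accepts(aut, rho2)

if __name__ == "__main__":
    print(equivalent(RHO1, RHO2), accepts(TA_FIG22, RHO1), accepts(TA_FIG22, RHO2))
    print(lemma2_holds(IRTA_FIG21, word(("a", "0.5"), ("a", "1")), word(("a", "0.3"), ("a", "1"))))
```

Running the script reports that ρ1 and ρ2 are equivalent yet only ρ1 is accepted by the automaton of Figure 2.2, whereas for the IRTA of Figure 2.1 the two equivalent words (a, 0.5)(a, 1) and (a, 0.3)(a, 1) are both accepted. Exact rationals matter here: with floating point, 1.4 − 0.5 is not representable exactly and guards of the form y = 1 become unreliable.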
Integral, Non-integral, Saturated region: Let α = ((Ix)x∈X) ∈ R and let Xm ⊆
X be such that ∀x ∈ Xm, Ix = (cm, ∞). (i) α is said to be saturated if Xm = X;
(ii) α is said to be integral if Xm ⊂ X and ∀x ∈ X \ Xm, Ix is of the form [c];
and (iii) α is said to be non-integral if Xm ⊂ X and ∀x ∈ X \ Xm, Ix is of the
form (c, c + 1). If A is an IRTA and α is a region of A, then α can be classified
as exactly one of integral, non-integral or saturated (Lemma 1 implies this). The
union of the integral and saturated regions is denoted by RI. Following [7], we have
3 Clock reduction and determinization of IRTA
In this section, we give a technique to obtain given an IRTA A with k ≥ 1 clocks,
an IRTA A1 with one clock n. As the constraints in A1 are over a single clock n,
we can consider each constraint to be a disjunction of clock intervals from the
set I. For example, a constraint n ≤ 2 ∧ n ≥ 1 on a transition from s to t can
be expressed as three transitions from s to t on n ∈ [1], n ∈ (1, 2) and n ∈ [2]
respectively. Let cm be the maximum constant used in the guards of A. Given
a clock region α of A and a constraint ϕ1 of the form n ∈ In, α+ ϕ1 consists of
valuations obtained by adding In to each interval Ix in α (as defined in Section
2). For example, if α = (1 < x < 2, 0 < y < 1) and ϕ1 = n ∈ [1], then α + ϕ1
consists of the valuations (2 < x < 3, 1 < y < 2). For a constraint ϕ over X , the
relation α + ϕ1 |= ϕ holds iff ν |= ϕ for all ν ∈ α + ϕ1. So, if ϕ is y > 2, then in the
example above, α + ϕ1 ⊭ ϕ. However, α + ϕ1 |= y > 1. This notation will be
used in the following construction.
3.1 Clock reduction
Given an IRTA A = (L,L0, Σ,X,E, F ) construct a one clock IRTA A1 =
(L1, L10, Σ, {n}, E
1, F 1) as follows:
– L1 ⊆ L×RI , RI is the set of integral and saturated regions;
– L10 = L0 × {α0} where α0 = ([0], [0], · · · [0]);
– F 1 ⊆ F ×RI ;
– E1 ⊆ L1×Σ×I×2{n}×L1 is the set of transitions. A transition (l, α)
a,ϕ1,φ1
−→
(l′, α′) is defined iff there exists a transition l
a,ϕ,φ
−→ l′ in E such that
• α+ ϕ1 |= ϕ,
• α′ = (α+ ϕ1)[φ := 0] if φ 6= ∅; α′ = α if φ = ∅,
• φ1 = {n} iff φ is non-empty.
[Figure 3.1: locations S00, T10 and S01; edges S00 --a, n ≤ 1?--> S00, S00 --a, n = 1?, n := 0--> T10, T10 --b, n = 1?, n := 0--> S01, S01 --a, n ≤ 1?--> S01 and S01 --a, n = 1?, n := 0--> T10.]
Fig. 3.1. One clock IRTA A1 corresponding to the IRTA A in Figure 2.1. S01
represents the location S with region (x = 0, y = 1).
By construction, the region component α in the locations (l, α) of A1 is
updated only whenever a reset happens in A. Since resets happen only at integer
time units, the region components are always integral. A reset in A results in
resetting n in A1; the value of n is otherwise the time elapsed between two resets.
Next, we prove that A and A1 accept the same timed language.
In the following proof, we represent a state ((l, α), µ) of A1 as (l, α, µ) and
use the notation ν = α + µ to represent that for all x ∈ X, ν(x) = cx + µ(n)
where [cx] = α(x).
Theorem 2. Let A be an IRTA and let A1 be the one clock IRTA obtained using
the above construction. Then L(A) = L(A1).
Proof. L(A) ⊆ L(A1): Consider a run $(l_0,\nu'_0) \xrightarrow{t_1} (l_0,\nu_1) \xrightarrow{\sigma_1,\varphi_1,\phi_1} (l_1,\nu'_1)$
in A of length one. By construction of A1, there is a run
$(l_0,\alpha_0,\mu'_0) \xrightarrow{t_1} (l_0,\alpha_0,\mu_1) \xrightarrow{\sigma_1,\varphi^1_1,\phi^1_1} (l_1,\alpha_1,\mu'_1)$
where $\mu'_0 = 0$ and $\alpha_0 + \varphi^1_1 \models \varphi_1$; here $\varphi^1_1$ is $n \in \langle t_1 \rangle$.
Also $\nu'_0 = \alpha_0 + \mu'_0$, $\nu_1 = \alpha_0 + \mu_1$ and $\nu'_1 = \alpha_1 + \mu'_1$, irrespective of $\phi_1$.
Assume the result for all runs of length < m. Consider a run of A of length m. Let
$(l_0,\nu'_0) \xrightarrow{t_1} (l_0,\nu_1) \xrightarrow{\sigma_1,\varphi_1,\phi_1} (l_1,\nu'_1) \cdots \xrightarrow{t_{m-1}} (l_{m-2},\nu_{m-1}) \xrightarrow{\sigma_{m-1},\varphi_{m-1},\phi_{m-1}} (l_{m-1},\nu'_{m-1}) \xrightarrow{t_m} (l_{m-1},\nu_m) \xrightarrow{\sigma_m,\varphi_m,\phi_m} (l_m,\nu'_m)$
be a run in A corresponding to $(\sigma_1,t_1)\cdots(\sigma_m,t_m)$. Consider the subrun
$(l_0,\nu'_0) \xrightarrow{t_1} (l_0,\nu_1) \xrightarrow{\sigma_1,\varphi_1,\phi_1} (l_1,\nu'_1) \cdots \xrightarrow{\sigma_{m-1},\varphi_{m-1},\phi_{m-1}} (l_{m-1},\nu'_{m-1})$.
By the induction hypothesis, we can obtain a run of length m − 1 in A1 which ends in
$(l_{m-1},\alpha_{m-1},\mu'_{m-1})$. The subrun in A extends as
$(l_{m-1},\nu'_{m-1}) \xrightarrow{t_m} (l_{m-1},\nu_m) \xrightarrow{\sigma_m,\varphi_m,\phi_m} (l_m,\nu'_m)$.
We know that $\nu_m \models \varphi_m$ and $\nu_m = \nu'_{m-1} + (t_m - t_{m-1})$. From the induction
hypothesis, we also know that $\nu'_{m-1} = \alpha_{m-1} + \mu'_{m-1}$. Hence there exist edges
$(l_{m-1},\alpha_{m-1},\mu'_{m-1}) \xrightarrow{t_m} (l_{m-1},\alpha_{m-1},\mu_m) \xrightarrow{\sigma_m,\varphi^1_m,\phi^1_m} (l_m,\alpha_m,\mu'_m)$.
Since $\nu_m = \alpha_{m-1} + \mu_m \models \varphi_m$ and $\alpha_{m-1} + \varphi^1_m \models \varphi_m$, we have
$\varphi^1_m = n \in \langle \mu_m(n) \rangle$ and $\nu'_m = \alpha_m + \mu'_m$. Clearly, $(\sigma_1,t_1)\cdots(\sigma_m,t_m)$ is in
L(A1) whenever it is in L(A). See Appendix A for an example.
L(A1) ⊆ L(A): The above argument can be traced backward to argue this. ⊓⊔
[Figure 3.2: locations S00, T(0,1)0, S0(0,1), S01 and U(0,1)0; edge labels a, 0 < n < 1? n := 0; b, 0 < n < 1? n := 0; b, n = 1? n := 0; c, n = 1?.]
Fig. 3.2. One clock automaton A1 for the timed automaton in Figure 2.2.
T(0,1)0 represents the location T with region (0 < x < 1, y = 0).
However, it must be noted that this technique works because A is an IRTA.
The fact that resets happen at globally integral times has allowed us to retain in n
the time elapsed between two resets. See the automaton A1 in Figure 3.2, which is
obtained by applying the above technique to the timed automaton A in Figure
2.2. In Figure 3.2, consider the location [S0(0,1)] and the outgoing edge
$[S0(0,1)] \xrightarrow{a,\,0<n<1?\,n:=0} [T(0,1)0]$ (dotted in the figure). This edge corresponds to
the edge $S \xrightarrow{a,\,0<x,y<1,\,y:=0} T$ in A of Figure 2.2. Here the requirement α + ϕ1 |= ϕ
of the construction does not hold: not all valuations in (x = 0, 0 < y < 1) + (0, 1)
satisfy the constraint 0 < x, y < 1. To decide 0 < x, y < 1, we need to know
the exact value of y. This can be achieved by (1) having a fresh clock holding the
value of y or (2) remembering the value of y in the location. Option (2) would give
rise to infinitely many locations in place of [S0(0,1)]. To sum up, the technique
described above to reduce the number of clocks to one does not work for timed
automata in general. It is worthwhile to mention Finkel's result [9] that the
problem of minimizing the number of clocks of a timed automaton is
undecidable.
Complexity. The definition of A1 shows that the number of locations is at most
|L| × |RI| = |L| × (cm + 2)^{|X|}. However, E1 reveals that the region part of (l, α)
changes only if the corresponding edge in A resets at least one clock. Hence all
the locations in L1 have integral regions with at least one of the clocks having
the interval [0]. Thus the total number of locations in A1 is |L1| ≤ |L| · [(cm +
2)^{|X|} − (cm + 1)^{|X|}]. Lemma 4 shows that this bound is indeed tight.
Lemma 4. There is an IRTA A such that the smallest one clock IRTA A1
corresponding to it has exactly |L| · [(cm + 2)^{|X|} − (cm + 1)^{|X|}] locations, where L
is the set of locations of A, X is the set of clocks of A and cm is the maximum
constant used in the guards of A.
Proof. Consider the IRTA A = (L, L0, Σ, X, E, F) in Figure 3.3 having two
clocks and a single location. The one clock IRTA A1 in Figure 3.3 has exactly
|L| · [(cm + 2)^{|X|} − (cm + 1)^{|X|}] = 1 · [3² − 2²] = 5 locations.
[Figure 3.3: IRTA A with the single location s carrying self-loops d1, d2, d3, d4, d5, d6, and its one clock IRTA A′ with locations S00, S01, S01+, S10 and S1+0; edge labels ax, ay, bx, by (n = 1? n := 0) and cx, cy (n = 0?).]
Fig. 3.3. Deterministic IRTA A and its one clock IRTA A′. The symbols
represent the following timed transitions: d1 ::= ax, x = y = 1? x := 0,
d2 ::= ay, x = y = 1? y := 0, d3 ::= cx, x = 0 ∧ y > 1?, d4 ::= cy, y = 0 ∧ x > 1?,
d5 ::= by, x > 1 ∧ y = 1? y := 0, d6 ::= bx, x = 1 ∧ y > 1? x := 0. 1+ denotes all
values > 1.
The language accepted by A is L(A) = {(ax, 1), (ay, 1), (ax, 1)(bx, 2),
(ay, 1)(by, 2), (ax, 1)(bx, 2)(cx, 2)(bx, 3), (ay, 1)(by, 2)(cy, 2)(cy, 2), . . . }. Clearly,
untime(L(A)) = $a_x(b_x c_x^*)^* + a_y(b_y c_y^*)^*$. It is easy to see that the minimal
(deterministic, not complete) automaton D accepting untime(L(A)) requires
5 locations (use the standard Myhill-Nerode argument). Decorating this with
appropriate constraints (see below), we obtain a one clock IRTA A1 accepting
L(A).
To argue that A1 is the smallest one clock IRTA accepting L(A) is easy:
(1) To accept (ax, 1), (ay, 1), we need two locations s, t (s is the initial location)
with $s \xrightarrow{a_x,a_y,\,n=1?,\,n:=0} t$; (2) To accept (ax, 1)(bx, 2), we reset the clock n on the
transition from s to t and add $t \xrightarrow{b_x,\,n=1?} s$. But this would mean accepting illegal
words like (ay, 1)(bx, 2), (ay, 1)(bx, 2)(ax, 2) as well, hence we need to add new
locations u, v and replace $s \xrightarrow{a_y,\,n=1?\,n:=0} t$ with $s \xrightarrow{a_y,\,n=1?\,n:=0} u$ and replace
$t \xrightarrow{b_x,\,n=1?} s$ with $t \xrightarrow{b_x,\,n=1?\,n:=0} v$; (3) After (2), to accept (ax, 1)(bx, 2)(bx, 3) . . . (bx, n) . . . ,
we need a loop on bx resetting n every time n = 1. This is easily done by adding
$v \xrightarrow{b_x,\,n=1?\,n:=0} v$. To incorporate any number of cx's without time elapse, we also
add $v \xrightarrow{c_x,\,n=0?} v$. A similar argument will show that we need one more location
w to take care of by, cy. It can be seen that what we obtain is precisely A1. ⊓⊔
3.2 Determinization
In this section, we give a technique to obtain from an IRTA A, a one clock
deterministic IRTA Ad.
Given an IRTA A = (L,L0, Σ,X,E, F ), a language equivalent one clock
deterministic IRTA Ad = (Ld, Ld0, Σ, {n}, E
d, F d) is constructed as follows:
– Ld ⊆ 2L×RI , where RI is the set of integral and saturated regions;
– Ld0 =
⋃
L0 × {α0} where α0 = ([0], [0], · · · [0]);
– F d = {A ∈ Ld | A contains some (l, α), l ∈ F};
– Ed ⊆ Ld × Σ × I × 2{n} × Ld is the set of transitions. Let A =
{(l1, α1), . . . , (ln, αn)}. A transition A
a,ϕd,φd
−→ B ∈ Ed iff
• For each (li, αi) ∈ A, if there exists in E an edge li
a,ϕi,φi
−→ l′i such that
αi + ϕ
d |= ϕi then (l
′
i, α
′
i) ∈ B,
• φd = {n} iff φi 6= ∅ for some i ∈ {1, 2, . . . n},
• If φd = {} then α′i = αi for all i. If φ
d = {n}, then α′i = αi +ϕd[φi := 0]
when φi 6= {} and α′i = αi + ϕd when φi = {}.
Figure 3.4 gives the deterministic one clock IRTA Ad obtained for the IRTA A in
Figure 2.1. Note that the same can be achieved by determinising A1 (of Figure
3.1) in the same way [see Appendix B].
The technique outlined above is very similar to the one studied in Section
3.1 except that it performs subset construction along with clock reduction. For
example consider the automata A, A1 and Ad in Figures 2.1, 3.1 and 3.4 respec-
tively. A is non-deterministic at the location S on a when x = 1, since it has two
edges, one to S itself and the other to T which resets y. A1 focuses only on clock
reduction and retains this non-determinism at location S00 on a when n = 1
by having two edges, one to S00 and the other to T10. However, Ad is obtained by
performing subset construction along with clock reduction. Thus in Ad the edge
corresponding to the non-deterministic edges is $\{S00\} \xrightarrow{a,\,n=1?\,n:=0} \{S11, T10\}$.
We update the region component of S00 to S11 in the target state to reflect
the difference between the values of x in locations S and T in A after the edge.
Hence, the edge a, n = 0? from {S11, T10} (due to S11) requires no time elapse,
as a is enabled from S when x = 1 (which is the value of x in S11).
[Figure 3.4: locations {S00}, {S11, T10}, {S01} and {S11+, T10}; edge labels a, n < 1?; a, n = 1? n := 0; b, n = 1?; a, n = 0?.]
Fig. 3.4. Deterministic one clock IRTA Ad corresponding to the IRTA in Figure
2.1.
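The clock reduction of Section 3.1 and the subset construction of Section 3.2, as an added example that is not part of the paper: Python code that builds A1 and Ad from an IRTA by computing over the integral and saturated regions, run on the IRTA of Figure 2.1 encoded from its edge labels (its final location T is an assumption and does not affect the location counts). Guards are conjunctions of atomic constraints; a disjunctive guard is split into several edges, as the paper does. The hypothetical helper names (intervals, sat, add, successors) are this example's own.

```python
"""Clock reduction (Section 3.1) and determinization (Section 3.2) of an IRTA over
its integral/saturated regions R_I.  Added example, not the paper's code."""

def intervals(cm):
    """The clock intervals I: [c] for 0 <= c <= cm, (c, c+1) for c < cm and (cm, inf).
    Encoding: (c, False) is the point [c]; (c, True) is (c, c+1), or (cm, inf) if c == cm."""
    return [(c, False) for c in range(cm + 1)] + [(c, True) for c in range(cm + 1)]

def sat(iv, op, k, cm):
    """alpha(x) |= x op k: every value of the interval must satisfy the constraint."""
    c, open_ = iv
    if not open_:
        return {"<": c < k, "<=": c <= k, ">": c > k, ">=": c >= k,
                "==": c == k, "!=": c != k}[op]
    hi = float("inf") if c == cm else c + 1      # iv is the open interval (c, hi)
    return {"<": hi <= k, "<=": hi <= k, ">": c >= k, ">=": c >= k,
            "==": False, "!=": True}[op]

def add(comp, iv, cm):
    """alpha(x) + I for an integral or saturated component (Section 2.2); the sum is a
    single interval because alpha(x) is a point or (cm, inf)."""
    c, open_ = comp
    if open_:                                    # (cm, inf) absorbs any elapse
        return (cm, True)
    s, o = c + iv[0], iv[1]
    return (cm, True) if s > cm or (s == cm and o) else (s, o)

def reset(alpha, resets, clocks):
    return tuple((0, False) if x in resets else comp for x, comp in zip(clocks, alpha))

def prepare(A):
    A = dict(A)
    A["cm"] = max(k for e in A["edges"] for _, _, k in e[3])
    A["idx"] = {x: i for i, x in enumerate(A["clocks"])}
    A["alpha0"] = tuple((0, False) for _ in A["clocks"])
    return A

def successors(A, l, alpha, sym, iv):
    """Edges of A enabled from (l, alpha) on sym with n in iv, i.e. alpha + iv |= guard;
    yields (target, alpha + iv, reset set)."""
    cm, idx = A["cm"], A["idx"]
    shifted = tuple(add(comp, iv, cm) for comp in alpha)
    for src, dst, s, guard, resets in A["edges"]:
        if src == l and s == sym and all(sat(shifted[idx[x]], op, k, cm) for x, op, k in guard):
            yield dst, shifted, resets

def clock_reduce(A):
    """A1: locations (l, alpha); alpha changes only on resetting edges, which also reset n."""
    A = prepare(A)
    locs = {(l, A["alpha0"]) for l in A["init"]}
    work, edges = list(locs), []
    while work:
        l, alpha = work.pop()
        for sym in A["symbols"]:
            for iv in intervals(A["cm"]):
                for dst, shifted, resets in successors(A, l, alpha, sym, iv):
                    new = reset(shifted, resets, A["clocks"]) if resets else alpha
                    edges.append(((l, alpha), sym, iv, bool(resets), (dst, new)))
                    if (dst, new) not in locs:
                        locs.add((dst, new)); work.append((dst, new))
    return locs, edges

def determinize(A):
    """Ad: subset construction on the same region bookkeeping.  When some member edge
    resets (so n is reset), the non-resetting members absorb the elapse into alpha."""
    A = prepare(A)
    start = frozenset((l, A["alpha0"]) for l in A["init"])
    locs, work, edges = {start}, [start], []
    while work:
        S = work.pop()
        for sym in A["symbols"]:
            for iv in intervals(A["cm"]):
                moves = [(alpha, m) for l, alpha in S for m in successors(A, l, alpha, sym, iv)]
                if not moves:
                    continue
                phid = any(resets for _, (_, _, resets) in moves)
                B = frozenset((dst, reset(shifted, resets, A["clocks"]) if resets
                               else (shifted if phid else alpha))
                              for alpha, (dst, shifted, resets) in moves)
                edges.append((S, sym, iv, phid, B))
                if B not in locs:
                    locs.add(B); work.append(B)
    return locs, edges

def name(loc, cm):
    """Render (S, ([1], (1, inf))) as S11+, following the paper's naming."""
    l, alpha = loc
    return l + "".join(f"{c}+" if o and c == cm else f"({c},{c + 1})" if o else str(c)
                       for c, o in alpha)

# The IRTA of Figure 2.1, constructed from its edge labels (final location assumed).
IRTA_A = {"clocks": ("x", "y"), "symbols": ("a", "b"), "init": ("S",), "final": ("T",),
          "edges": [("S", "S", "a", [("x", "<=", 1)], frozenset()),
                    ("S", "T", "a", [("x", "==", 1)], frozenset({"y"})),
                    ("T", "S", "b", [("y", "==", 1)], frozenset({"x"}))]}
A1_LOCS, A1_EDGES = clock_reduce(IRTA_A)
AD_LOCS, AD_EDGES = determinize(IRTA_A)

if __name__ == "__main__":
    print(sorted(name(l, 1) for l in A1_LOCS))                      # ['S00', 'S01', 'T10']
    print(sorted(sorted(name(l, 1) for l in S) for S in AD_LOCS))
```

A1 comes out with the three locations of Figure 3.1, still non-deterministic from S00 on a at n = 1, and Ad with the four locations of Figure 3.4, one transition per (source, symbol, interval). The region component stays inside R_I throughout: a reset needs a guard x = c, which can only hold when the interval of n is a point, so α + ϕ never becomes non-integral. Both counts sit well inside the bounds of Section 3.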
Theorem 3. Let A be an IRTA and let Ad be the deterministic one clock IRTA
constructed above. Then L(A) = L(Ad).
The proof is similar to the proof of Theorem 2 taking into consideration the
subset construction.
Complexity. From the definition of Ad given above, Ld ⊆ 2^{L×RI}. Hence |Ld| ≤
2^{|L|·|RI|} − 1 = 2^{|L|·(cm+2)^{|X|}} − 1.
Lemma 5. There is a non-deterministic IRTA A such that the smallest deter-
ministic one clock IRTA A1 corresponding to it has exactly 2^{|L|·(cm+2)^{|X|}} − 1
locations, where L is the set of locations of A, X is the set of clocks of A and
cm is the maximum constant used in the guards of A.
Proof. See Appendix C. ⊓⊔
4 IRTA - Summary
We have given a simple and elegant technique to determinize the class IRTA and
to reduce the number of clocks. The complexity bound we obtain is also optimal.
If we allow ε moves in the IRTA A, we can follow the clock reduction technique
explained above by treating ε as a special symbol.
5 Integer resets in stopwatch automata
Stopwatches are variables whose rate of growth is either 0 or 1. Stopwatch au-
tomata (SWA) [8], obtained by adding stopwatches to timed automata, render
reachability undecidable while being expressively equivalent to linear hybrid au-
tomata [2]. Reachability is decidable for interrupt timed automata (ITA) [6], a
variant of SWA with linear constraints, linear updates and restrictions on rates
of growth and on the use of stopwatches in updates as well as constraints. To the best of
our knowledge, this is the only known decidable variant of SWA. In this section,
we explore the idea of integer resets in the context of stopwatch automata and
define Integer Reset Stopwatch Automata (IRSA). We show that reachability
is decidable for IRSA if diagonal constraints are not allowed. Further, in the
absence of diagonal constraints, IRSA is determinizable, and closed under com-
plementation, union and intersection. Undecidability of reachability for IRSA with
diagonal constraints indicates that IRSA and ITA are incomparable.
An integer reset stopwatch automaton (IRSA) is a stopwatch automaton
A = (L, L0, Σ, X, Z, E, F, η) where (i) L, L0, F, X and Σ are the same as in
timed automata; (ii) Z is a set of stopwatches; (iii) η : L → {0, 1}^{|Z|} assigns the
rate of growth of each stopwatch in each location; (iv) E ⊆ L × L × Σ × C(X ∪ Z) × 2^{X∪Z}
is the set of transitions such that for every e = (l, l′, a, ϕ, φ) ∈ E, whenever φ ≠ ∅
or η(l) ≠ η(l′), ϕ contains at least one atomic clock constraint of the form (a)
x = c for some x ∈ X, c ∈ N, or (b) z = c for some z ∈ Z, c ∈ N, provided
η(l)(z) = 1.
A valuation of all variables is a map ν : X ∪ Z → T. Time elapse of t units in
a location l ∈ L, denoted ν + t, is as in Section 2 for clocks. For
stopwatches it is defined as ∀z ∈ Z, (ν + t)(z) is ν(z) + t if η(l)(z) = 1, and is ν(z)
if η(l)(z) = 0. Constraint satisfaction ν |= ϕ and resets ν[φ := 0] are interpreted
as defined earlier. It is easy to see that the semantics of IRSA are largely similar
to those of timed automata. We follow the same notations as in Section 2.
Proposition 1. Let A be an IRSA and ν be a valuation in any given run of A.
Then ∀x, y ∈ X ∪ Z, frac(ν(x)) = frac(ν(y)).
This proposition follows as a direct result of the definition of IRSA and Lemma
1. It allows us to consider R as the set of IRSA regions partitioning TX∪Z .
These are the same as IRTA regions (defined in Section 2) over the set X ∪ Z.
Given an IRSA A, we give a technique to convert it into a language equivalent
IRTA B. The construction is along the same lines as clock reduction in Section
3.1. We consider the locations of B to be L × RI . Given a location (l, α) of B,
and a transition (l, α) −→ (l′, α′), α is updated to α′ on edges l −→ l′ of A
that (i) reset a clock or stopwatch or (ii) η(l) 6= η(l′). For each stopwatch z in
A, there is a clock xz in B simulating z. We consider atomic constraints in A
to be of the form x ∈ I where x ∈ X ∪ Z and I ∈ I. For example, an edge
with constraint x = 2 ∧ z < 1 can be represented as two edges with constraints
x ∈ [2] ∧ z ∈ [0] and x ∈ [2] ∧ z ∈ (0, 1) respectively. The formal construction of
B from A is given below.
Given an IRSA A = (L, L0, Σ, X, Z, E, F, η) construct an IRTA B =
(L′, L′0, Σ, X ∪ Z′, E′, F′) as follows: (i) L′ ⊆ L × RI, where RI is the set of in-
tegral and saturated IRSA regions over X ∪ Z; (ii) L′0 = L0 × {α0} where
α0 = ([0], [0], · · · , [0]); (iii) F′ ⊆ F × RI; (iv) Z′ is a set of new clocks such that
for every z ∈ Z there is a unique clock xz ∈ Z′ corresponding to z via a bijec-
tion Z′ ↔ Z; (v) E′ ⊆ L′ × Σ × C(X ∪ Z′) × 2^{X∪Z′} × L′ is the set of transitions.
A transition $(l,\alpha) \xrightarrow{a,\varphi',\phi'} (l',\alpha')$ is defined iff there exists a transition
$l \xrightarrow{a,\varphi,\phi} l'$ in E such that
(a) ∃ I ∈ I such that α + I |= ϕ, where ∀x ∈ X, (α + I)(x) = α(x) + I and
∀z ∈ Z, (α + I)(z) = α(z) + I if η(l)(z) = 1, else (α + I)(z) = α(z);
(b) ϕ′ is obtained by replacing z ∈ c + α(z) in ϕ by xz ∈ c, for all z ∈ Z;
(c) φ′ = (φ ∩ X) ∪ Z′ if φ ≠ ∅ or η(l) ≠ η(l′); otherwise φ′ = ∅;
(d) α′ = (α + I)[φ := 0] if φ′ ≠ ∅; else α′ = α.
Each time a reset occurs or a rate changing edge is taken in A, the corre-
sponding edge in B resets all clocks in Z ′ and updates α to contain the latest
values of stopwatches. Hence constraints involving Z ′ should pertain to the elapse
since the last update of α. Thus, the constraints in B replace z ∈ c + α(z) by
xz ∈ c. Appendix D gives an example of this construction and establishes that
the resulting timed automaton is indeed an IRTA.
Lemma 6. Let A be an IRSA and B be the IRTA constructed as above. Then
L(A) = L(B).
Corollary 1. Reachability is decidable for the class IRSA. Further, it is closed
under all boolean operations.
Lemma 6 can be proved along the lines of Theorem 2. Corollary 1 follows from
Lemma 6, Theorem 3 and decidability of emptiness of timed automata [3]. Note
that the timed automaton B has at most |L| × (cm + 2)|X∪Z| locations where
cm is the maximum constant used in the constraints of A. This bound can be
proved to be tight employing the same technique as in Lemma 4.
IRSA with diagonal constraints: It is well known that diagonal constraints
do not add to the expressive power of timed automata. However, we note that
diagonal constraints involving stopwatches render reachability undecidable for
IRSA. It is easy to see that Minsky's two counter machine can be simulated using
3 stopwatches x1, x2, x3 and one clock g by following the encoding c1 = x1 − x2
and c2 = x2 − x3 for counters c1, c2. Incrementing c2 is accomplished by a
transition $\xrightarrow{g=0?} s \xrightarrow{g=1?\,g:=0}$ where η(s)(x3) = 0 and η(s)(xi) = 1 for all i < 3:
during the one time unit spent in s, x1 and x2 advance while x3 stands still, so
c1 = x1 − x2 is unchanged and c2 = x2 − x3 grows by one. A simple diagonal
constraint x1 − x2 = 0? is sufficient to check if c1 is zero.
Acknowledgement: We thank the anonymous reviewers for useful comments.
References
1. S. Adams, J. Ouaknine and J. Worrell. Undecidability of universality for timed automata with minimal resources. Proceedings of FORMATS'07, LNCS 4763, 25-37, 2007.
2. R. Alur, C. Courcoubetis, N. Halbwachs, T. A. Henzinger, P. Ho, X. Nicollin, A. Olivero, J. Sifakis and S. Yovine. The algorithmic analysis of hybrid systems. Theoretical Computer Science, 138:3-34, 1995.
3. R. Alur and D. L. Dill. A Theory of Timed Automata. Theoretical Computer Science, 126(2):183-235, 1994.
4. R. Alur, L. Fix and T. Henzinger. A determinizable class of timed automata. Proceedings of CAV'94, LNCS 818, 1-13, 1994.
5. C. Baier, N. Bertrand, P. Bouyer and T. Brihaye. When are Timed Automata Determinizable? Proceedings of ICALP'09, LNCS 5556, 43-54, 2009.
6. B. Bérard and S. Haddad. Interrupt Timed Automata. Proceedings of FOSSACS'09, LNCS 5504, 197-211, 2009.
7. P. Bouyer, C. Dufourd, E. Fleury and A. Petit. Updatable Timed Automata. Theoretical Computer Science, 321(2-3):291-345, 2004.
8. F. Cassez and K. G. Larsen. The impressive power of stopwatches. Proceedings of CONCUR 2000, 138-152, Springer, 2000.
9. O. Finkel. Undecidable Problems About Timed Automata. Proceedings of FORMATS'06, LNCS 4202, 187-199, 2006.
10. K. Nagaraj. Topics in Timed Automata. Master's Thesis, Department of Computer Science & Engineering, Indian Institute of Technology, Bombay, July 2006.
11. P. V. Suman, P. K. Pandya, S. N. Krishna and L. Manasa. Timed Automata with Integer Resets: Language Inclusion and Expressiveness. Proceedings of FORMATS'08, LNCS 5215, 78-92, 2008.
12. P. V. Suman, P. K. Pandya, S. N. Krishna and L. Manasa. Timed automata with integer resets: Language inclusion and expressiveness. Research report TIFR-SPKG-GM-2008/1, 2008, available at http://www.tcs.tifr.res.in/~vsuman/TechReps/IrtaLangInclTechRep.pdf.
13. P. V. Suman and P. K. Pandya. Determinization and Expressiveness of Integer Reset Timed Automata with Silent Transitions. Proceedings of LATA 2009, LNCS 5457, 728-739, 2009.
Appendix
A Equivalent runs in A and A1
Consider the IRTA A in Figure 2.1 and its corresponding one clock IRTA A1 in
Figure 3.1. We now show a demonstration of the proof of Theorem 2 with an
example. Recall that a state in A is of the form (li, (ν′i(x), ν
′
i(y))) and a state in
A1 is (li, (αi(x), αi(y)), µ′i(n)). We shall denote the clock intervals [0], [1], (1,∞)
as 0, 1, 1+ respectively.
Consider a timed word ρ = (a, 0.5)(a, 1)(a, 1)(b, 2)(a, 3). The run corresponding to ρ in A is
$$r = (S,(0,0)) \xrightarrow{0.5} (S,(0.5,0.5)) \xrightarrow{a,\,x\le 1} (S,(0.5,0.5)) \xrightarrow{1} (S,(1,1)) \xrightarrow{a,\,x\le 1} (S,(1,1)) \xrightarrow{1} (S,(1,1)) \xrightarrow{a,\,x=1?,\,y:=0} (T,(1,0)) \xrightarrow{2} (T,(2,1)) \xrightarrow{b,\,y=1?,\,x:=0} (S,(0,1)) \xrightarrow{3} (S,(1,2)) \xrightarrow{a} (T,(1,0)).$$
There exists a run $r_1$ in A1 corresponding to ρ given by
$$r_1 = (S,(0,0),0) \xrightarrow{0.5} (S,(0,0),0.5) \xrightarrow{a,\,n\le 1} (S,(0,0),0.5) \xrightarrow{1} (S,(0,0),1) \xrightarrow{a,\,n\le 1} (S,(0,0),1) \xrightarrow{1} (S,(0,0),1) \xrightarrow{a,\,n=1?,\,n:=0} (T,(1,0),0) \xrightarrow{2} (T,(1,0),1) \xrightarrow{b,\,n=1?,\,n:=0} (S,(0,1),0) \xrightarrow{3} (S,(0,1),1) \xrightarrow{a,\,n=1?,\,n:=0} (T,(1,0),0).$$
It is easy to see that $\nu'_i = \alpha_i + \mu'_i$ holds for all i.
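To make the correspondence $\nu'_i = \alpha_i + \mu'_i$ concrete, the following is an added Python example; it is not code from the paper and the one-clock encoding it uses is written directly from that invariant rather than taken from Section 3.1. It runs the word ρ on the two-clock automaton and, in lock-step, on an encoding in which each original clock keeps a region offset α in {0, 1, 1+} while a single real clock n advances, then checks the invariant on every reachable configuration. The edges of the automaton are reconstructed from the run r above (assumption: Figure 2.1 may contain further edges) and the maximal constant is assumed to be $c_m = 1$.

```python
"""One-clock encoding of an integer reset timed automaton (IRTA).

Added example, not the paper's code: a timed word is run on a two-clock IRTA A
and, in lock-step, on a one-clock encoding where each original clock x keeps a
region offset alpha(x) in {0, 1, 1+} and one real clock n is shared. The
invariant checked is nu(x) = alpha(x) + n, read as nu(x) > c_m where alpha(x)
is saturated (1+).
"""
from fractions import Fraction

CLOCKS = ("x", "y")
CM = 1            # largest guard constant c_m; assumption for this automaton
SAT = CM + 1      # region code for the interval (CM, infinity), written 1+

# Edges (source, action, guard, clocks reset, target); a guard maps a clock to
# inclusive bounds (lo, hi), hi=None meaning no upper bound. Assumption: these
# are the edges visible in run r of Appendix A; Figure 2.1 may have more.
EDGES = [
    ("S", "a", {"x": (0, 1)}, (),     "S"),   # a, x <= 1
    ("S", "a", {"x": (1, 1)}, ("y",), "T"),   # a, x = 1?, y := 0
    ("T", "b", {"y": (1, 1)}, ("x",), "S"),   # b, y = 1?, x := 0
]

# The timed word rho of Appendix A as (action, absolute timestamp) pairs.
WORD = [("a", "0.5"), ("a", "1"), ("a", "1"), ("b", "2"), ("a", "3")]


def in_interval(value, lo, hi):
    """lo <= value <= hi for an exact clock value (hi=None: unbounded)."""
    return lo <= value and (hi is None or value <= hi)


def region_satisfies(alpha, n, lo, hi):
    """Guard check on an encoded clock: alpha + n when alpha is exact; a
    saturated clock exceeds every constant, so only unbounded guards hold."""
    return hi is None if alpha == SAT else in_interval(alpha + n, lo, hi)


def saturate(value):
    """Region offset for an integral clock value: exact up to CM, else 1+."""
    return value if value <= CM else SAT


def delays(word):
    """Absolute timestamps -> (action, delay since the previous event)."""
    now, out = Fraction(0), []
    for act, t in word:
        t = Fraction(t)
        out.append((act, t - now))
        now = t
    return out


def enabled(loc, act, guard_ok):
    """Edges leaving loc on act whose guard passes guard_ok(clock, lo, hi)."""
    return [e for e in EDGES if e[0] == loc and e[1] == act
            and all(guard_ok(c, *iv) for c, iv in e[2].items())]


def run_A(word):
    """All (location, valuation) configurations A reaches on the word."""
    configs = {("S", (Fraction(0),) * len(CLOCKS))}
    for act, d in delays(word):
        succ = set()
        for loc, nu in configs:
            nu = tuple(v + d for v in nu)                      # delay step
            ok = lambda c, lo, hi: in_interval(nu[CLOCKS.index(c)], lo, hi)
            for _, _, _, resets, dst in enabled(loc, act, ok):
                succ.add((dst, tuple(Fraction(0) if c in resets else nu[i]
                                     for i, c in enumerate(CLOCKS))))
        configs = succ
    return configs


def run_A1(word):
    """All (location, alpha, n) configurations of the one-clock encoding."""
    configs = {("S", (0,) * len(CLOCKS), Fraction(0))}
    for act, d in delays(word):
        succ = set()
        for loc, alpha, n in configs:
            n = n + d                                          # only n advances
            ok = lambda c, lo, hi: region_satisfies(alpha[CLOCKS.index(c)], n, lo, hi)
            for _, _, _, resets, dst in enabled(loc, act, ok):
                if not resets:
                    succ.add((dst, alpha, n))
                    continue
                # Integer reset: the guard forces an integral clock, hence integral n.
                assert n.denominator == 1, "reset at a non-integer time"
                alpha2 = tuple(0 if c in resets else
                               (SAT if alpha[i] == SAT else saturate(alpha[i] + int(n)))
                               for i, c in enumerate(CLOCKS))
                succ.add((dst, alpha2, Fraction(0)))
        configs = succ
    return configs


def consistent(nu, alpha, n):
    """nu = alpha + n, with nu(x) > CM standing in for a saturated alpha(x)."""
    return all(v > CM if a == SAT else v == a + n for v, a in zip(nu, alpha))


def equivalent_runs(word):
    """True iff every configuration of A has a consistent partner in the
    encoding with the same location, and vice versa."""
    ca, c1 = run_A(word), run_A1(word)
    fwd = all(any(l == m and consistent(nu, al, n) for m, al, n in c1) for l, nu in ca)
    bwd = all(any(l == m and consistent(nu, al, n) for m, nu in ca) for l, al, n in c1)
    return fwd and bwd


if __name__ == "__main__":
    print(sorted(run_A(WORD)))     # (S, (1, 2)) and (T, (1, 0)), as at the end of r
    print(sorted(run_A1(WORD)))    # (S, (0, 1), 1) and (T, (1, 0), 0), as at the end of r1
    print(equivalent_runs(WORD))   # True
```

Both simulators are nondeterministic (they follow every enabled edge), so the final configurations contain the self-loop alternative as well as the state the runs r and $r_1$ end in; `equivalent_runs` matches the two sets under the invariant in both directions. Region offsets are only recomputed on resetting edges, which in an IRTA happen at integral n, so α stays exact until a clock value would exceed $c_m$, at which point it is saturated to 1+ and only unbounded guards can still hold on that clock.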
B Determinization of A1
In Section 3.1, we saw how to build a one clock possibly non-deterministic IRTA
A1 for a given IRTA A with any number of clocks. As A1 is also an IRTA, we
can apply the same technique outlined in Section 3.2 to obtain a deterministic
one clock IRTA A1d. From Theorems 2 and 3, we know that L(A) = L(A1) and
L(A1) = L(A1d). Hence L(A) = L(A1d).
Figure B.1 shows the deterministic one clock IRTA A1d obtained from A1 in Figure 3.1 following the definition in Section 3.2. Note that A1d is the same as Ad in Figure 3.4.
[Figure B.1: the deterministic one clock IRTA A1d, with locations A0, A1, B0, C0, C1 and edges labelled a, n < 1?, n := 0; a, n = 1?, n := 0; b, n = 1?; and a, n = 0?]
Fig. B.1. The deterministic one clock IRTA A1d corresponding to the IRTA A1 in Figure 3.1. Here A, B and C represent the locations S00, T10 and S01 of A1 respectively.
C Proof of Lemma 5
Consider the non-deterministic IRTA A in Figure C.1. It is clear that Ad in Figure C.1 has exactly $2^{|L| \cdot (c_m+2)^{|X|}} - 1$ locations.
[Figure C.1: the IRTA A with single location s and edges d1, d2, d3, d4, d5, and its deterministic IRTA with locations S1 to S7 and edges labelled by the symbols a0, a1, a2, a3, b0, b1, c0, c1, e0, e1 defined in the caption]
Fig. C.1. IRTA A and its deterministic IRTA A′. The locations S1, S2, S3, S4, S5, S6 and S7 represent {(S, 0)}, {(S, 0), (S, 1)}, {(S, 1)}, {(S, 0), (S, 1), (S, 1+)}, {(S, 0), (S, 1+)}, {(S, 1), (S, 1+)} and {(S, 1+)} respectively. Here the symbols represent the following timed transitions: d1 ::= b, x = 1?, x := 0, d2 ::= b, x ≥ 1?, d3 ::= c, x = 1?, x := 0, d4 ::= c, x > 1?, d5 ::= e, x ≥ 1?, b0 ::= b, n = 0?, b1 ::= b, n = 1?, n := 0, c0 ::= c, n = 0?, c1 ::= c, n = 1?, n := 0, e0 ::= e, n = 0?, e1 ::= e, n = 1?, a0 ::= b, n = 0?; c, n = 0?; e, n = 0?, a1 ::= b, n ∈ (0, 1)?; c, n ∈ (0, 1)?; e, n ∈ (0, 1)?, a2 ::= b, n > 0?; c, n > 0?; e, n > 0? and a3 ::= b, n > 1?; c, n > 1?; e, n > 1?.
The proof of Lemma 5 follows from the automaton Ad in Figure C.1.
D Details of Section 5
B is an IRTA: From the definition of B, it is easy to observe the following.
– For every resetting edge e in A, there is a resetting edge e′ in B that resets all clocks in Z′ in addition to the clocks mentioned in e.
– For every rate changing edge (source and target have different η values) e in A, there exists an edge e′ in B which resets all clocks in Z′.
By definition of A, we are assured that these kinds of edges occur at integer time units as they are accompanied by atomic constraints of the form (a) x = c, for some x ∈ X, c ∈ N, (b) z = c for some z ∈ Z, c ∈ N provided η(l)(z) = 1. Now consider the corresponding constraints in B.
– If all the atomic constraints are over X, then they are the same in B.
– If the atomic constraints in A involve z = c (same as z ∈ [c]) then the corresponding constraint in B is of the form $x_z \in [c] - \alpha(z)$. As α ∈ RI over X ∪ Z, α(z) is either integral or saturated. If α(z) is integral then $[c] - \alpha(z)$ is also integral. If $\alpha(z) = (c_m, \infty)$, then we are assured that there is no constraint of the form z = c, $c > c_m$ in A and hence no constraint $x_z \in [c] - \alpha(z)$ in B.
From the above argument, it is clear that all resetting edges in B are accompanied by atomic constraints of the form x ∈ [c], x ∈ X ∪ Z′. Thus, B is an IRTA.
An IRSA A and its language equivalent IRTA B
[Figure D.1: the IRSA A with locations (S, 11), (T, 10), (U, 01), (V, 01) and edges a, x = 1?, g := 0, y := 0, h := 0; b, g = 1?; c, h < 1?; d, h = 1?, x := 0; and d, g ≤ 1?]
Fig. D.1. IRSA A with clocks x, y and stopwatches g, h. The location (T, 10) indicates that η(T)(g) = 1 and η(T)(h) = 0.
[Figure D.2: the timed automaton B with locations (S, 0000), (T, 1101), (U, 1+010), (V, 1+010), (S, 011+1), (T, 11+01+) and edges a, x = 1? {e, f}; b, e = 1? {e, f, y}; c, f < 1? {e, f, x}; d, f = 1? {e, f}; a, x = 1?; b, e = 1? {e, f, y}; and d, e = 0?]
Fig. D.2. Timed automaton B which is language equivalent to the IRSA in Figure D.1. Here the clock intervals [0], [1], (1,∞) are represented as 0, 1, 1+ respectively. Location (T, 1101) stands for (T, (x = 1, y = 1, g = 0, h = 1)). The set of clocks to be reset is indicated on each edge. Clocks e, f simulate the stopwatches g, h respectively.
Proof of Lemma 6:
Language equivalence L(A) = L(A1) in Theorem 2 was established by proving that for a run in A there exists a run in A1 such that $\nu'_i = \alpha_i + \mu'_i$ always. A similar proof which inducts on the number of symbols in a timed word can be given for Lemma 6 too. The hypothesis is that for a state $(l_i, \nu'_i)$ there exists a state $(l_i, \alpha_i, \mu'_i)$ in B such that $\nu'_i \cap X = \mu'_i \cap X$ and $\forall z \in Z,\ \nu'_i(z) \in \alpha_i(z) + \langle \mu'_i(x_z) \rangle$. Thus, $\nu'_i(z) \models z \in c + \alpha_i(z)$ iff $\mu'_i(x_z) \models x_z \in c$ for all i.
