Zenoness for Timed Pushdown Automata by Abdulla, Parosh Aziz et al.
L. Clemente and L. Holik (Eds.): 15th International Workshop on
Verification of Infinite-State Systems (INFINITY’13)
EPTCS 140, 2014, pp. 35–47, doi:10.4204/EPTCS.140.3
Zenoness for Timed Pushdown Automata
Parosh Aziz Abdulla Mohamed Faouzi Atig Jari Stenman
Timed pushdown automata are pushdown automata extended with a finite set of real-valued clocks.
Additionaly, each symbol in the stack is equipped with a value representing its age. The enabledness
of a transition may depend on the values of the clocks and the age of the topmost symbol. Therefore,
dense-timed pushdown automata subsume both pushdown automata and timed automata. We have
previously shown that the reachability problem for this model is decidable. In this paper, we study
the zenoness problem and show that it is EXPTIME-complete.
1 Introduction
Pushdown automata [9, 20, 16, 17] and timed automata [6, 11, 10] are two of the most widely used
models in verification. Pushdown automata are used as models for (discrete) recursive systems, whereas
timed automata model timed (nonrecursive) systems. Several models have been proposed that extend
pushdown automata with timed behaviors [8, 14, 12, 13, 15].
We consider the model of (Dense-)Timed Pushdown Automata (TPDA), introduced in [1], that sub-
sumes both pushdown automata and timed automata. As in the case of a pushdown automaton, a TPDA
has a stack which can be modified by pushing and popping. A TPDA extends pushdown automata with
time in the sense that the automaton (1) has a finite set of real-valued clocks, and (2) stores with each
stack symbol its (real-valued) age. Pushing a symbol adds it on top of the stack with an initial age
chosen nondeterministically from a given interval. A pop transition removes the topmost symbol from
the stack provided that it matches the symbol specified by the transition, and that its age lies within a
given interval. A TPDA can also perform timed transitions, which simulate the passing of time. A timed
transition synchronously increases the values of all clocks and the ages of all stack symbols with some
non-negative real number. The values of the clocks can be tested for inclusion in a given interval or non-
deterministically reset to a value in a given interval. The model yields a transition system that is infinite
in two dimensions; the stack contains an unbounded number of symbols, and each symbol is associated
with a unique real-valued clock.
In [1], we showed that the reachability problem, i.e. the problem of deciding whether there exists a
computation from the initial state to some target state, is decidable (specifically, EXPTIME-complete). In
this paper, we address the zenoness problem for TPDA. The zenoness problem is the problem of deciding
whether there is a computation that contains infinitely many discrete transitions (i.e. transitions that are
not timed transitions) in finite time [5, 4, 21]. Zeno computations may represent specification errors,
since these kinds of runs are not possible in real-world systems. We show that the zenoness problem for
TPDA can be reduced to the problem of deciding whether a pushdown automaton has an infinite run with
the labelling aω. The latter problem is polynomial in the size of the pushdown automaton, which is itself
exponential in the size of the TPDA.
Related Work
The works in [8, 14, 12, 13, 15] consider pushdown automata extended with clocks. However, these
models separate the timed part and the pushdown part of the automaton, which means that the stack
36 Zenoness for Timed Pushdown Automata
symbols are not equipped with clocks.
In [7], the authors define the class of extended pushdown timed automata. An extended pushdown
timed automaton is a pushdown automaton enriched with a set of clocks, with an additional stack used to
store/restore clock valuations. In our model, clocks are associated with stack symbols and store/restore
operations are disallowed. The two models are quite different. This is illustrated, for instance, by the
fact that the reachability problem is undecidable in their case.
In [22], the authors introduce recursive timed automata, a model where clocks are considered as
variables. A recursive timed automaton allows passing the values of clocks using either pass-by-value
or pass-by-reference mechanism. This feature is not supported in our model since we do not allow pass-
by-value communication between procedures. Moreover, in the recursive timed automaton model, the
local clocks of the caller procedure are stopped until the called procedure returns. The authors show
decidability of the reachability problem when either all clocks are passed by reference or none is passed
by reference. This is the model that is most similar to ours, since in both cases, the reachability problem
reduces to the same problem for a pushdown automaton that is abstract-time bisimilar to the timed
system.
In a recent work [2] we have shown decidability of the reachability problem for discrete-timed push-
down automata, where time is interpreted as being incremented in discrete steps and thus the ages of
clocks and stack symbols are in the natural numbers. This makes the reachability problem much simpler
to solve, and the method of [2] cannot be extended to the dense-time case.
Finally, the zenoness problem for different kinds of timed systems is well studied in the literature
(see, e.g., [4, 18] for timed automata and [3] for dense-timed Petri nets).
2 Preliminaries
We use N and R≥0 to denote the set of natural numbers and non-negative reals, respectively. For values
n,m ∈ N, we denote by the intervals [n : m], (n : m) [n : m), (n : m], [n :∞) and (n :∞) the sets of
values r ∈ R≥0 satisfying the constraints n ≤ r ≤m, n < r < m, n ≤ r < m, n < r ≤m, n ≤ r, and
n < r, respectively. We let I denote the set of all such intervals.
For a non-negative real number r ∈ R≥0, with r = n+ r′ n ∈ N, and r′ ∈ [0 : 1), we let brc = n
denote the integral part, and frac(r) = r′ denote the fractional part of r. Given a set S, we use 2S for
the powerset of S. For sets A and B, f : A→ B denotes a (possibly partial) function from A to B. We
write f(a) =⊥ when f is undefined at a ∈ A. We use dom(f) and range(f) to denote the domain and
range of f . We write f [a← b] to denote the function f ′ such that f ′(a) = b and f ′(x) = f(x) for x 6= a.
The set of partial functions from A to B is written as [A→B].
Let A be an alphabet. We denote by A∗, (resp. A+) the set of all words (resp. non-empty words)
over A. The empty word is denoted by . For a word w, |w| denotes the length of w (we have || = 0).
For words w1,w2, we use w1 ·w2 for the concatenation of w1 and w2. We extend the operation · to
sets W1,W2 of words by defining W1 ·W2 = {w1 ·w2 |w1 ∈W1,w2 ∈W2}. We denote by w[i] the ith
element ai of w = a1 . . .an.
We use Aω to denote the set of all infinite words over the alphabet A. We let aω denote the infinite
word aaa. . . and write |w|=∞ for any infinite word w over A.
We define a binary shuffle operation ⊗ inductively: For w ∈ (2A)∗, define w⊗  = ⊗w = {w}.
For sets r1, r2 ∈ 2A and words w1,w2 ∈ (2A)∗, define (r1 ·w1)⊗ (r2 ·w2) = (r1 · (w1⊗ (r2 ·w2)))∪ (r2 ·
((r1 ·w1)⊗w2)))∪ ((r1∪ r2) · (w1⊗w2)).
P.A. Abdulla, M.F. Atig, and J. Stenman 37
Let w = a1 . . .am and w′ = b1 . . . bn be words in A∗. An injection from w to w′ is a par-
tial function h : {1, . . . ,m} → {1, . . . ,n} that is strictly monotonic, i.e. for all i, j ∈ {1, . . . ,m}, if
i < j and h(i),h(j) 6= ⊥, then h(i) < h(j). The fragmentation w/h of w w.r.t. h is the sequence
〈w0〉ai1〈w1〉ai2 . . .〈wk−1〉aik〈wk〉, where dom(h) = {i1, . . . , ik} and w =w0 ·ai1 ·w1 · · · · ·aik ·wk. The
fragmentation w′/h is the sequence 〈w′0〉bj1〈w′1〉 . . .〈w′l−1〉bjl〈w′l〉, where range(h) = {j1, . . . , jl} and
w′ = w′0 · bj1 · · · · · bil ·w′l.
Pushdown Automata
A pushdown automaton is a tuple (Q,qinit,Σ,Γ,∆), where Q is a finite set of states, qinit is an initial
state, Σ is a finite input alphabet, Γ is a finite stack alphabet and ∆ is a set of transition rules of the form〈
q,σ,nop, q′
〉
,
〈
q,σ,pop(a), q′
〉
or
〈
q,σ,push(a), q′
〉
, where q,q′ ∈Q, a ∈ Γ and σ ∈ Σ∪{}.
A configuration is a pair (q,w), where q ∈ Q and w ∈ Γ∗. We define γinit = (qinit, ) to be the
initial configuration, meaning that the automaton starts in the initial state and with an empty stack. We
define a transition relation→ on the set of configurations in the following way: Given two configurations
γ1 = (q1,w1), γ2 = (q2,w2) and a transition rule t =
〈
q1,σ,op, q2
〉 ∈ ∆, we write γ1 t−→ γ2 if one of
the following conditions is satisfied:
• op= nop and w2 = w1,
• op= push(a) and w2 = a ·w1,
• op= pop(a) and w1 = a ·w2.
For any transition rule t =
〈
q1,σ,op, q2
〉 ∈ ∆, define Σ(t) = σ. We define −→= ∪t∈∆ t−→ and
let −→∗ be the reflexive transitive closure of −→. We say that an infinite word σ1σ2σ3 · · · ∈ Σω is a
trace of P if there exists configurations γ1,γ2,γ3, . . . such that γ1 = γinit, γ1 t1−→ γ2 t2−→ γ3 t3−→ . . . , and
Σ(ti) = σi for all i ∈ N. We denote by Traces(P) the set of all traces of P .
3 Timed Pushdown Automata
Syntax
A Timed Pushdown Automaton (TPDA) is a tuple T = (QT , qTinit,XT ,ΓT ,∆T ). Here, QT is a finite set
of states, qTinit ∈QT is an initial state, XT is a finite set of clocks, ΓT is a finite stack alphabet and ∆T
is finite set of transition rules of the form (q,op, q′), where q,q′ ∈QT and op is one of the following:
nop An “empty” operation that does not modify the clocks or the stack,
push(a,I) Pushes a ∈ ΓT to the stack with a (nondeterministic) initial age in I ∈ I,
pop(a,I) Pops the topmost symbol if it is a and its age is in I ∈ I,
test(x,I) Tests if the value of x ∈XT is within I ∈ I,
reset(x,I) Sets the value of x ∈XT (nondeterministically) to some value in I ∈ I.
Intuitively, a transition rule
〈
q,op, q′
〉
means that the automaton is allowed to move from state q to
state q′ while performing the operation op. The nop operation can be used to switch states without
changing the stack or the values of clocks.
38 Zenoness for Timed Pushdown Automata
Semantics
The semantics of TPDA is defined by a transition relation over the set of configurations. A configuration
is a tuple (q,X,w), where q ∈QT is a state, X : XT → R≥0 is a clock valuation which assigns concrete
values to clocks, and w= (a1,y1) . . .(an,yn)∈ (ΓT ×R≥0)∗ is a stack content. In other words, the stack
content is a sequence of pairs, each pair consisting of a symbol and its age. Here, (a1,y1) is on the
top and (an,yn) is on the bottom of the stack. Given a TPDA T , we denote by Conf (T ) the set of all
configurations of T .
The transition relation consists of two types of transitions; discrete transitions, which correspond to
applications of the transition rules, and timed transitions, which simulate the passing of time.
Discrete Transitions. Let t = (q,op, q′) ∈ ∆T be a transition rule and let γ = (q,X,w) and γ′ =
(q′,X′,w′) be configurations. We have γ t−→ γ′ if one of the following conditions is satisfied:
• op= nop, w′ = w and X′ = X,
• op= push(a,I), w′ = (a,v)w for some v ∈ I , and X′ = X,
• op= pop(a,I), w = (a,v)w′ for some v ∈ I , and X′ = X,
• op= test(x,I), w′ = w, X′ = X and X(x) ∈ I ,
• op= reset(x,I), w′ = w, and X′ = X[x← v] for some v ∈ I .
Timed Transitions. Let r ∈ R≥0 be a real number. Given a clock valuation X, let X+r be the function
defined by X+r(x) = X(x) + r for all x ∈X . For any stack content w = (a1,y1) . . .(an,yn), let w+r be
the stack content (a1,y1 + r) . . .(an,yn + r). Let γ = (q,X,w) and γ′ = (q′,X′,w′) be configurations.
Then γ r−→ γ′ if and only if q′ = q, X′ = X+r and w′ = w+r.
Computations. A computation (or run) pi is a (finite or infinite) sequence of the form
(γ1, τ1,γ2)(γ2, τ2,γ3) · · · (written as γ1 τ1−→ γ2 τ2−→ γ3 · · · ) such that γi τi−→ γi+1 for all 1 ≤ i ≤ |pi|.
For τ ∈ (∆T ∪R≥0), we define Disc(τ) = 1 if τ ∈∆T and Disc(τ) = 0 if τ ∈ R≥0. Then, the number
of discrete transitions in pi is defined as |pi|disc =
∑|pi|
i=1Disc(τi). Note that if |pi| =∞, then it may be
the case that |pi|disc =∞.
In this paper, we will consider the duration of transitions. Given a τ ∈ (∆T ∪R≥0), the duration
δ(τ) is defined in the following way:
• δ(τ) = 0 if τ ∈∆T . Discrete transitions have no duration.
• δ(τ) = τ if τ ∈ R≥0.
For a computation pi, we define the duration δ(pi) to be ∑|pi|i=1 δ(τi). If the automaton can perform
infinitely many discrete transitions in finite time, it exhibits a behavior called zenoness.
Definition 1 (Zenoness). A computation pi is zeno if it contains infinitely many discrete transitions and
has a finite duration, i.e. if |pi|disc =∞ and δ(pi)≤ c for some c ∈ N. pi is non-zeno if it is not zeno.
The zenoness problem is the question whether a given TPDA contains a zeno run starting from the
initial configuration:
Definition 2 (The Zenoness Problem). Given a TPDA T , decide if there exists a computation pi =
γinit −→ γ1 −→ γ2 −→ . . . from the initial configuration of T such that pi is zeno.
P.A. Abdulla, M.F. Atig, and J. Stenman 39
Given two computations pi = γ1
τ1−→ γ2 τ2−→ γ3 τ3−→ ·· · and pi′, we say that pi′ is a prefix of pi if
pi = pi′ or pi′ = γ1
τ1−→ γ2 τ2−→ ·· · τn−1−→ γn for some 1≤ n. We say that pi′ is a suffix of pi if either pi′ = pi
or pi′ = γn
τn−→ γn+1 τn+1−→ ·· · for some n ∈ N. We define the concatenation of a finite computation
pi = γ1
τ1−→ γ2 τ2−→ ·· · τn−1−→ γn with a (finite or infinite) computation pi′ = γ′1
τ ′1−→ γ′2
τ ′2−→ ·· · , where
γn = γ′1, as pi ·pi′ = γ1 τ1−→ ·· ·
τn−1−→ γn τ
′
1−→ γ′2
τ ′2−→ ·· · .
Let pi= pi1 ·pi2 be a computation. We call the suffix pi2 a unit suffix if δ(pi)< 1. The question whether
a TPDA T has a zeno run starting from the initial configuration can be reduced to the question whether
there exists a run from the initial configuration which contains a zeno unit suffix:
Lemma 1. A TPDA T contains a zeno run iff T contains a run pi = pi1 ·pi2 such that pi2 is zeno and
δ(pi2)< 1.
Proof. We prove both directions:
If: By the definition of zenoness.
Only if: Assume pi is a zeno run of T . Then there exists a smallest n ∈ N such that δ(pi)≤ n. Call it c.
This means that the longest prefix pi′ of pi for which δ(pi′)≤ c−1 contains finitely many discrete
transitions. We have that after pi′, the next transition in pi will be a timed transition γ r−→ γ′ for
some r ∈ R≥0, and δ(pi′) + r > c− 1. Now, let pi1 = pi′ · γ r−→ γ′, and let pi2 be the remaining
suffix in pi. We can conclude that δ(pi2) = c− δ(pi1)< c− (c−1) = 1.
In the rest of the paper, we will show how to decide whether T contains a run that has a zeno unit
suffix. Intuitively, given a TPDA T , we will construct a pushdown automaton P which simulates the
behavior of T . The pushdown automaton P operates in two modes.
Initially, P runs in the first mode, in which it simulates the behavior of T exactly as described in [1].
While P runs in the first mode, all transitions are labelled with . At any time, P may guess that it can
simulate a unit suffix. In this case, P switches to the second mode, in which it reads symbols from a
unary alphabet (say {a}) while simulating discrete transitions of T . The question whether T contains a
unit suffix then reduces to the question whether Traces(P) includes aω.
4 Symbolic Encoding
In this section, we show how to construct a symbolic PDA P that simulates the behavior of a TPDA T .
The PDA uses a symbolic region encoding to represent the infinitely many clock valuations of T in a
finite way. The notion of regions was introduced in the classical paper on timed automata [6], in which
a timed automaton is simulated by a region automaton (a finite-state automaton that encodes the regions
in its states). This abstraction relies on the set of clocks being fixed and finite. Since a TPDA may in
general operate on unboundedly many clocks (the stack is unbounded, and each symbol has an age), we
cannot rely on this abstraction. Instead, we use regions of a special form as stack symbols in P . For each
symbol in the stack of T , the stack of P contains, at the same position, a region that relates the stack
symbol with all clocks. A problem with this approach is that we might need to record relations between
clocks and stack symbols that lie arbitrarily far apart in the stack. However, in [1], we show that it is
enough to enrich the regions in finite way (by recording the relationship between clocks and adjacent
stack symbols), thus keeping the stack alphabet of P finite.
40 Zenoness for Timed Pushdown Automata
(`,0) (a,1)(`•,1)
(b•,2)
(x1,4)
(x2,3)
(x•1,5)
(x•2,3)
(`•,0)
(`,0) (a
•,1) (x
•
1,4)
(x1,4)
(x•2,3)
(x2,3)
(c,0)R2
R1
Figure 1: Two examples of regions
Regions
A region is a word over sets, where each set consists of a number of items. There are plain items, which
represent the values of clocks and the topmost stack symbols. In addition, this set includes a reference
clock `, which is always 0 except when simulating a pop transition. Furthermore, we have shadow items
which record the values of the corresponding plain items in the region below. Shadow items are used to
remember the time that elapses while the plain symbols they represent are not on the top of the stack.
To illustrate this, assume that the region R1 in Figure 1 is the topmost region in the stack. R1 records
the integral values and the relationships between the clocks x1,x2, the topmost stack symbol a and the
reference clock `. It also relates these symbols to the values of x1,x2, b and ` in the previous topmost
region. Now, if we simulate the pushing of c with inital age in [0 : 1], one of the possible resulting
regions is R2. The region R2 uses x•1, x•2 and `• to record the previous values of the clocks (initially,
their values are identical to those of their plain counterparts). The value of the previous topmost symbol
a is recorded in a•. Finally, the region relates the new topmost stack symbol c with all the previously
mentioned symbols.
We define the set Y =X ∪Γ∪{`} of plain items and a corresponding set Y • =X•∪Γ•∪{`•} of
shadow items. We then define the set of items Z = Y ∪Y •.
Let cmax be the largest constant in the definition of T . We denote byMax the set {0,1, . . . , cmax,∞}.
A region R is a word r1 . . . rn ∈ (2Z×Max)+ such that the following holds:
• ∑ni=1 |(Γ×Max)∩ ri| = 1 and ∑ni=1 |(Γ•×Max)∩ ri| = 1. There is exactly one occurrence of
a stack symbol and one occurrence of a shadow stack symbol.
• ∑ni=1 |({`}×Max)∩ri|= 1 and∑ni=1 |({`•}×Max)∩ri|= 1. There is exactly one occurrence
of ` and one occurrence of `•.
• For all clocks x ∈ X , ∑ni=1 |({x}×Max)∩ ri| = 1 and ∑ni=1 |({x•}×Max)∩ ri| = 1. Each
plain clock symbol and shadow clock symbol occurs exactly once.
• ri 6=∅ for all 2≤ i≤ n. Only the first set may be empty.
For items z ∈ Z, if we have (z,k) ∈ ri for some i ∈ {1, . . . ,n} and some (unique) k ∈Max, then
define Val(R,z) = k and Index(R,z) = i. Otherwise, define Val(R,z) =⊥ and Index(R,z) =⊥ (this
may be the case for stack symbols). We define R> = {z ∈ Z |Index(R,z) 6=⊥}.
Operations on Regions
In order to define the transition rules of the symbolic PDA, we need a number of operations on regions:
P.A. Abdulla, M.F. Atig, and J. Stenman 41
Testing Satisfiability
When we construct new regions, we need to limit the values of the items to certain intervals. To do
this, we define what it means for a region to satisfy a membership predicate. Given an item z ∈ Z, an
interval I ∈ I and a region R such that z ∈R>, we write R  (z ∈ I) if and only if one of the following
conditions is satisfied:
• Index(R,z) = 1, V al(R,z) 6=∞ and V al(R,z) ∈ I ,
• Index(R,z)> 1, V al(R,z) 6=∞ and V al(R,z) +v ∈ I for all v ∈ R≥0 such that 0< v < 1,
• V al(R,z) =∞ and I is of the form (m :∞) or the form [m :∞) for some m ∈ N.
Adding and Removing Items
In the following, we define operations that describe how items are added and deleted from regions. We
also define, in terms of these operations, an operation that assigns a new value to an item.
For a region R = r1 . . . rn, an item z ∈ Z and an k ∈Max, we define R⊕ (z,k) to be the set of
regions R′ satisfying the following conditions:
• R= r1 . . . ri−1(ri∪{(z,k)})ri+1 . . . rn, where 1≤ i≤ n
• R= r1 . . . ri{(z,k)}ri+1 . . . rn, where 1≤ i≤ n
We extend the definition of ⊕ by letting R⊕a denote the set ⋃m∈MaxR⊕ (a,m), i.e. the set of regions
where we have added all possible values of a.
We defineR	z to be the regionR′ = r′1 . . . r′n, where, for 1≤ i≤ n, we have r′i = ri \{{z}×Max}
if ri \ {{z}×Max} 6= ∅, and r′i =  otherwise. We extend the definition of 	 to sets of items in the
following way: R	∅=R and R	{z1, . . .zn}= (R	z1)	{z2, . . .zn}.
Given a region R, an item z ∈ Z and an interval I ∈ I, we define an assignment operation. We write
R[z← I] to mean the set of regions R′ such that R′ ∈ (R	 z)⊕ z and R′  (z ∈ I). For any number
n ∈ N, we write R[z← n] to mean R[z← [n : n]].
Creating New Regions
When we push a new stack symbol, we need to record the values of clocks and the value of the current
top-most stack symbol. The operation Make takes as arguments a region, a stack symbol, and an interval,
It constructs the set of regions in which the shadow items record the values of the plain items in the old
topmost region, and the value of the stack symbol is in the given interval.
Given a region R, a stack symbol a ∈ Γ and an interval I ∈ I, we define Make(R,a ∈ I) to be the
set of regions R′ such that there are R1,R2,R3 satisfying the following:
• R1 =R	 (R>∩Y •),
• If R1 = r1 . . . rn, then R2 = r′1 . . . r′n, where r′i = ri∪{(y•,k) |(y,k) ∈ ri} for i ∈ {1, . . . ,n},
• R3 =R2	 (R>∩Γ),
• R′ ∈R3⊕a and R′  (a ∈ I).
42 Zenoness for Timed Pushdown Automata
Passage of Time
We implement the passage of time by rotating the region. A rotation describes the effect of the smallest
timed transition that changes the region. If the leftmost set (i.e. the set which represents items with
fractional part 0) is nonempty, a timed transition, no matter how small, will “push” those items out. If
the leftmost set is empty, the smallest timed transition that changes the regions is one that makes the
fractional parts of those items 0.
Given a pair (z,k) ∈ Z×Max, define (z,k)+ = (z,k′), where k′ = k+ 1 if k < cmax and k′ =∞
otherwise. For a set r ∈ 2Z×Max, define r+ = {(z,k)+ |(z,k)∈ r}. For a region R= r1 . . . rn, we define
R+ =R′ such that one of the following conditions is satisfied:
• r1 6=∅ and R′ =∅r1 . . . rn,
• r1 =∅ and R′ = r+n r1 . . . rn−1.
We denote by R++ the set {R,R+,(R+)+,((R+)+)+, . . .}. Note that this set is finite.
Product
When we simulate a pop transition, the region that we pop contains the most recent values of all clocks.
On the other hand, the region below it contains shadow items that record relationships between items
further down the stack. We need to keep all of this information. To do this, we define a product operation
 that merges the information contained in two regions. For regions P = p1 . . .p|P | and Q = q1 . . . q|Q|,
and an injection h from {1, . . . , |P |} to {1, . . . , |Q|}, we write P h Q iff the following conditions are
satisfied:
• V al(P,y•) = V al(Q,y) for all y ∈ P>∩Y ,
• For every i > 1, h(i) 6=⊥ iff there exists a y ∈ Y such that Index(P,y) = i,
• h(1) = 1,
• For all y ∈ Y , i ∈ {1, . . . , |P |} and j ∈ {1, . . . , |Q|}, if Index(P,y) = i and Index(Q,y•) = j,
then h(i) = j.
We say that P supports Q, written P  Q, if P h Q for some h. Let P/h = pi1〈P1〉pi2 . . .pim〈Pm〉
and Q/h = qj1〈Q1〉qj2 . . . qjm〈Qm〉. We define p′k = pik ∩ (Y •∪Γ) and q′k = qjk ∩ (X ∪{`}). Finally,
define r1 = p′1∪q′1 and, for k ∈ {2, . . . ,m}, define rk = p′k∪q′k if pk∪q′k 6=∅ and rk =  if pk∪q′k =∅.
Then, R ∈ P Q if R= r1 ·R1 · r2 . . . rm ·Rm and Rk ∈ Pk⊗Qk for k ∈ {1, . . . ,m}.
5 An EXPTIME Upper Bound for the Zenoness Problem
In this section, we prove our main result:
Theorem 2. The Zenoness problem for TPDA is in EXPTIME.
The rest of this section will be devoted to the proof of Theorem 2. Given a TPDA T =
(QT , qTinit,ΓT ,XT ,∆T ), we construct an (untimed) PDA P = (QP , qPinit,ΣP ,ΓP ,∆P) such that P sim-
ulates zeno runs of T . More specifically, P simulates a zeno run of T by first simulating the prefix, and
then simulating the unit suffix. In order to do this, P runs in two modes. In the first mode, it simulates
the prefix. In the second mode, it simulates the suffix while keeping track of the fact that the value of a
special control clock xcontrol is smaller than 1. We now describe the components of P .
P.A. Abdulla, M.F. Atig, and J. Stenman 43
The states of P are composed of two disjoint sets; the genuine states {0,1}×QT and some tempo-
rary states Tmp. Each genuine state (m,q) contains a state q from QT and a symbol m indicating the
current simulation mode. If m = 0, P is currently simulating the prefix of a run. Conversely, if m = 1,
P is simulating the suffix. The temporary states are used for intermediate transitions between config-
urations containing genuine states. We assume that we have functions tmp, tmp1 and tmp2 that input
arguments and map them to a unique element in Tmp. The initial state qPinit of P is the state (0, qTinit).
The input alphabet ΣP is the unary alphabet {a}. The automaton reads an a when (and only when)
it simulates a discrete transition in the suffix. When it simulates any other transition, it reads . Let
xcontrol 6∈XT be a special control clock. The stack alphabet ΓP contains all possible regions over the
items Z ∪{xcontrol,x•control}. The purpose of the control clock is to limit the duration of the suffix. We
will now describe the set ∆T of transition rules:
nop For each transition rule
〈
q1,nop, q2
〉 ∈ ∆T , the set ∆P contains the transition rules〈
(0, q1), ,nop,(0, q2)
〉
and
〈
(1, q1),a,nop,(1, q2)
〉
. Nop transitions are used for switching states with-
out modifying the clocks or the stack.
test(x ∈ I) We simulate a test transition in T with two transition in P . If the topmost region satisfies
the constraint, we pop it and move to a temporary state. Since a test transition is not supposed to modify
the stack, we push back the same region we popped, while moving to the second genuine state. Formally,
for each transition rule τ =
〈
q1,test(x ∈ I), q2
〉 ∈∆T , and region R such that R  (x ∈ I), the set ∆T
contains the transition rules:
• 〈(0, q1), ,pop(R),tmp(τ,R,0)〉,
• 〈tmp(τ,R,0), ,push(R),(0, q2)〉 (for simulating the prefix),
• 〈(1, q1),a,pop(R),tmp(τ,R,1)〉,
• 〈tmp(τ,R,1), ,push(R),(1, q2)〉 (for simulating the suffix).
reset(x← I) We simulate reset transitions by popping the topmost region and pushing it back, in a
similar way to test transitions, except that the given clock is nondeterministically set to some value in
the given interval. Formally, for each transition rule τ =
〈
q1,reset(x← I), q2
〉 ∈∆T , and each pair of
regions R,R′ such that R′ ∈R[x← I], the set ∆T contains the transition rules:
• 〈(0, q1), ,pop(R),tmp(τ,R,0)〉,
• 〈tmp(τ,R,0), ,push(R′),(0, q2)〉 (for simulating the prefix),
• 〈(1, q1),a,pop(R),tmp(τ,R,1)〉,
• 〈tmp(τ,R,1), ,push(R′),(1, q2)〉 (for simulating the suffix).
push(a,I) We will need two temporary states to simulate a push. First, we move to a temporary state
while popping the topmost region. This is done in order to remember its content. Then, we push back that
region unmodified. Finally, we push a region containing the given symbol, constructed from the previous
topmost region such that the initial age of the symbol is in the given interval. Formally, for each transition
rule τ =
〈
q1,push(a,I), q2
〉 ∈∆T , and each pair of regions R,R′ such that R′ ∈Make(R,a ∈ I), the
set ∆T contains the transition rules:
44 Zenoness for Timed Pushdown Automata
• 〈(0, q1), ,pop(R),tmp1(τ,R,0)〉,
• 〈tmp1(τ,R,0), ,push(R),tmp2(τ,R,0)〉,
• 〈tmp2(τ,R,0), ,push(R′),(0, q2)〉 (for simulating the prefix),
• 〈(1, q1),a,pop(R),tmp(τ,R,1)〉,
• 〈tmp1(τ,R,1), ,push(R),tmp2(τ,R,1)〉,
• 〈tmp(τ,R,1), ,push(R′),(1, q2)〉 (for simulating the suffix).
pop(a,I) The simulation of pop transitions also requires two temporary states. First, we pop the
topmost region and move to a temporary state. Then, in order to update the new topmost region, we need
to first pop it, then rotate and merge it with the first region we popped, and finally push back the result.
Formally, for each transition rule τ =
〈
q1,pop(a,I), q2
〉 ∈ ∆T , and all regions R1,R′1,R2, such that
R2  (a ∈ I) and R′1 ∈
⋃{R2R′ |R′ ∈R++1 and R′ R2}, the set ∆T contains the transition rules:
• 〈(0, q1), ,pop(R2),tmp1(τ,R2,0)〉,
• 〈tmp1(τ,R2,0), ,pop(R1),tmp2(τ,R2,0)〉,
• 〈tmp2(τ,R2,0), ,push(R′),(0, q2))〉 (for simulating the prefix),
• 〈(1, q1),a,pop(R2),tmp1(τ,R2,1)〉,
• 〈tmp1(τ,R2,1), ,pop(R1),tmp2(τ,R2,1)〉,
• 〈tmp2(τ,R2,1), ,push(R′),(1, q2))〉 (for simulating the suffix).
Timed Transitions
For every state q ∈QT and every pair of regions R,R′ such that R′ ∈R+[`← [0 : 0]] (this is a singleton
set), the set ∆P contains the transition rules:
• 〈(0, q), ,pop(R),tmp(timed,q,R,0)〉,
• 〈tmp(timed,q,R,0), ,push(R′),(0, q)〉.
Additionally, if R′  (xcontrol ∈ [0 : 1)), then ∆P also contains the transitions
• 〈(1, q), ,pop(R),tmp(timed,R,1)〉,
• 〈tmp(timed,R,1), ,push(R′),(1, q)〉.
Switching Modes
In addition to the transitions described so far, P must also be able to switch from mode 0 to mode 1. This
is done nondeterministically at any point in the simulation of the prefix. When the automaton changes
mode, it resets the control clock xcontrol. For each state q ∈ QT and region R, the set ∆P contains
the transition rules
〈
(0, q), ,pop(R),tmp(switch,q,R)
〉
and
〈
tmp(switch,q,R), ,push(R′),(1, q)
〉
,
where R′ is the region in the singleton set R[xcontrol← 0].
P.A. Abdulla, M.F. Atig, and J. Stenman 45
Correctness. The simulation of the prefix (mode 0) works exactly like the simulation in [1]. The
simulation of the suffix (mode 1) only imposes a restriction on the duration of the remaining run, namely
that the value of the control clock xcontrol may not reach 1. In other words, the automaton may simulate
any unit suffix. Additionally, it reads an a each time it simulates a discrete transition. This, together with
Lemma 1 implies the following result:
Lemma 3. There exists a zeno run in T if and only if for the corresponding symbolic automaton P , we
have aω ∈ Traces(P).
Using our construction, the size of P is exponential in the size of T . The problem of checking
aω ∈ Traces(P) is polynomial in the size of P [9]. This gives membership in EXPTIME for Theorem 2.
6 An EXPTIME Lower Bound for the Zenoness Problem
The following theorem gives EXPTIME-hardness for the zenoness problem for TPDA (matching its upper
bound).
Theorem 4. The zenoness problem for TPDA is EXPTIME-hard.
Proof. The following problem is EXPTIME-complete [19]: Given a labelled pushdown automaton P
recognizing the language L and n finite automata A1, . . . ,An recognizing languages L1, . . . ,Ln, is the
intersection L∩⋂ni=1Li empty? This problem can be reduced, in polynomial time, to the zenoness
problem for a TPDA T . The pushdown part of T simulates P , while a clock xi encodes the state of
the finite automaton Ai. We can use an additional control clock to ensure that no time passes during the
simulation. We may assume w.l.o.g. that the finite automata are free of -transitions. An -transition of
P is simulated by the pushdown part of T . A labelled transition of P is first simulated by the pushdown
part of T and then followed by a sequence of transitions that checks and updates the clocks in order to
ensure that each finite automaton Ai is able to match the transition.
From a final state of P , we introduce a series of transitions that checks if all finite-state automata
Ai are also in their final states. If they are, we move to a special state of T from which there exists a
zeno run. In this special state, we remove the restriction that time cannot pass and we add a self-loop
performing a nop operation. Thus, the intersection L∩⋂ni=1Li is empty if and only if T does not
contain a zeno run.
7 Conclusion and Future Work
In this paper, we have considered the problem of detecting zeno runs in TPDA. We showed that the
zenoness problem for TPDA is EXPTIME-complete. The proof uses a reduction from the zenoness
problem for TPDA to the problem of deciding whether aω is contained in the set of traces of a PDA.
More specifically, given a TPDA T , we construct a PDA P which simulates zeno runs of T and whose
size is exponential in the size of T .
We are currently considering the problem of computing the minimal (or infimal, if it does not exist)
reachability cost in the model of priced TPDA, in which discrete transitions have firing costs and stack
contents have storage costs, meaning that the cost of taking a timed transition depends on the stack
content.
Another interesting question is whether there are fragments of some suitable metric logic for which
model checking TPDA is decidable.
46 Zenoness for Timed Pushdown Automata
References
[1] P. A. Abdulla, M. F. Atig & J. Stenman (2012): Dense-timed pushdown automata. In: Logic in Computer
Science (LICS), 2012 27th Annual IEEE Symposium on, IEEE, doi:10.1109/LICS.2012.15.
[2] P. A. Abdulla, M. F. Atig & J. Stenman (2012): The Minimal Cost Reachability Problem in Priced Timed
Pushdown Systems. In: LATA, doi:10.1007/978-3-642-28332-1 6.
[3] P. A. Abdulla, P. Mahata & R. Mayr (2005): Decidability of Zenoness, syntactic boundedness and token-
liveness for dense-timed petri nets. In: FSTTCS 2004: Foundations of Software Technology and Theoretical
Computer Science, Springer, pp. 58–70, doi:10.1007/978-3-540-30538-5 6.
[4] R. Alur (1991): Techniques for Automatic Verification of Real-Time Systems. Ph.D. thesis, Dept. of Computer
Sciences, Stanford University.
[5] R. Alur & D. L. Dill (1990): Automata For Modeling Real-Time Systems. In: ICALP, LNCS 443, Springer,
pp. 322–335, doi:10.1007/BFb0032042.
[6] R. Alur & D. L. Dill (1994): A Theory of Timed Automata. Theor. Comput. Sci. 126(2), pp. 183–235,
doi:10.1016/0304-3975(94)90010-8.
[7] M. Benerecetti, S. Minopoli & A. Peron (2010): Analysis of Timed Recursive State Machines. In: TIME,
IEEE Computer Society, pp. 61–68, doi:10.1109/TIME.2010.10.
[8] A. Bouajjani, R. Echahed & R. Robbana (1994): On the Automatic Verification of Systems with Continuous
Variables and Unbounded Discrete Data Structures. In: Hybrid Systems, LNCS 999, Springer, pp. 64–85,
doi:10.1007/3-540-60472-3 4.
[9] A. Bouajjani, J. Esparza & O. Maler (1997): Reachability Analysis of Pushdown Automata: Application to
Model-Checking. In: CONCUR, LNCS 1243, Springer, pp. 135–150, doi:10.1007/3-540-63141-0 10.
[10] P. Bouyer, F. Cassez, E. Fleury & K. G. Larsen (2004): Optimal Strategies in Priced Timed Game Automata.
In: FSTTCS, LNCS 3328, Springer, pp. 148–160, doi:10.1007/978-3-540-30538-5 13.
[11] P. Bouyer & F. Laroussinie (2008): Model Checking Timed Automata. In Stephan Merz & Nicolas Navet,
editors: Modeling and Verification of Real-Time Systems, ISTE Ltd. – John Wiley & Sons, Ltd., pp. 111–140,
doi:10.1002/9780470611012.ch4.
[12] Z. Dang (2003): Pushdown timed automata: a binary reachability characterization and safety verification.
Theor. Comput. Sci. 302(1-3), pp. 93–121, doi:10.1016/S0304-3975(02)00743-0.
[13] Z. Dang, T. Bultan, O. H. Ibarra & R. A. Kemmerer (2004): Past pushdown timed automata and safety
verification. Theor. Comput. Sci. 313(1), pp. 57–71, doi:10.1016/j.tcs.2003.10.004.
[14] Z. Dang, O. H. Ibarra, T. Bultan, R. A. Kemmerer & J. Su (2000): Binary Reachability Analysis of Discrete
Pushdown Timed Automata. In: CAV, LNCS 1855, Springer, pp. 69–84, doi:10.1007/10722167 9.
[15] M. Emmi & R. Majumdar (2006): Decision Problems for the Verification of Real-Time Software. In: HSCC,
LNCS 3927, Springer, pp. 200–211, doi:10.1007/11730637 17.
[16] J. Esparza, D. Hansel, P. Rossmanith & S. Schwoon (2000): Efficient Algorithms for Model Checking Push-
down Systems. In: CAV, LNCS 1855, Springer, doi:10.1007/10722167 20.
[17] J. Esparza & S. Schwoon (2001): A BDD-Based Model Checker for Recursive Programs. In: CAV, LNCS
2102, Springer, pp. 324–336, doi:10.1007/3-540-44585-4 30.
[18] F. Herbreteau, B. Srivathsan & I. Walukiewicz (2012): Efficient emptiness check for timed bu¨chi automata.
Formal Methods in System Design 40(2), pp. 122–146, doi:10.1007/s10703-011-0133-1.
[19] A. Heußner, J. Leroux, A. Muscholl & G. Sutre (2012): Reachability Analysis of Communicating Pushdown
Systems. Logical Methods in Computer Science 8(3:23), pp. 1–20, doi:10.2168/LMCS-8(3:23)2012.
[20] S. Schwoon (2002): Model-Checking Pushdown Systems. Ph.D. thesis, Technische Universita¨t Mu¨nchen.
[21] S. Tripakis (1999): Verifying Progress in Timed Systems. In: ARTS, LNCS 1601, Springer, pp. 299–314,
doi:10.1007/3-540-48778-6 18.
P.A. Abdulla, M.F. Atig, and J. Stenman 47
[22] A. Trivedi & D. Wojtczak (2010): Recursive timed automata. In: Proceedings of the 8th international
conference on Automated technology for verification and analysis, ATVA, pp. 306–324, doi:10.1007/978-3-
642-15643-4 23.
