Clock (model checking)

Last updated March 18, 2024

In model checking, a subfield of computer science, a clock is a mathematical object used to model time. More precisely, a clock measures how much time passed since a particular event occurs, in this sense, a clock is more precisely an abstraction of a stopwatch. In a model of some particular program, the value of the clock may either be the time since the program was started, or the time since a particular event occurred in the program. Those clocks are used in the definition of timed automaton, signal automaton, timed propositional temporal logic and clock temporal logic. They are also used in programs such as UPPAAL which implement timed automata.^[1]

Generally, the model of a system uses many clocks. Those multiple clocks are required in order to track a bounded number of events. All of those clocks are synchronized. That means that the difference in value between two fixed clocks is constant until one of them is restarted. In the language of electronics, it means that clock's jitter is null.

Example

Let us assume that we want to modelize an elevator in a building with ten floors. Our model may have $n$ clocks $c_{0},\dots ,c_{9}$ , such that the value of the clock $c_{i}$ is the time someone had wait for the elevator at floor $i$ . This clock is started when someone calls the elevator on floor $i$ (and the elevator was not already called on this floor since last time it visited that floor). This clock can be turned off when the elevator arrives at floor $i$ . In this example, we actually need ten distinct clocks because we need to track ten independent events. Another clock $s$ may be used to check how much time an elevator spent at a particular floor.

A model of this elevator can then use those clocks to assert whether the elevator's program satisfies properties such as "assuming the elevator is not kept on a floor for more than fifteen seconds, then no one has to wait for the elevator for more than three minutes". In order to check whether this statement holds, it suffices to check that, in every run of the model in which the clock $s$ is always smaller than fifteen seconds, each clock $c_{i}$ is turned off before it reaches three minutes.

Definition

Formally, a set $X$ of clocks is simply a finite set^[1]^: 191. Each element of a set of clock is called a clock. Intuitively, a clock is similar to a variable in first-order logic, it is an element which may be used in a logical formula and which may takes a number of differente values.

Clock valuations

A clock valuation or clock interpretation^[1]^: 193 $\nu$ over $X=\{x_{1},\dots ,x_{n}\}$ is usually defined as a function from $X$ to the set of non-negative real. Equivalently, a valuation can be considered as a point in $\mathbb {R} _{\geq 0}^{n}$ .

The initial assignment $\nu _{0}$ is the constant function sending each clock to 0. Intuitively, it represents the initial time of the program, where each clocks are initialized simultaneously.

Given a clock assignment $\nu$ , and a real $t\geq 0$ , $\nu +t$ denotes the clock assignment sending each clock $x\in C$ to $\nu (x)+t$ . Intuitively, it represents the valuation $\nu$ after which $t$ time units passed.

Given a subset $r\subseteq C$ of clocks, $\nu [r\rightarrow 0]$ denotes the assignment similar to $\nu$ in which the clocks of $r$ are reset. Formally, $\nu [r\rightarrow 0]$ sends each clock $x\in r$ to 0 and each clock $x\not \in r$ to $\nu (x)$ .

Inactive clocks

The program UPPAAL introduce the notion of inactive clocks.^[2] A clock is inactive at some time if there is no possible future in which the clock's value is checked without being reset first. In our example above, the clock $c_{i}$ is considered to be inactive when the elevator arrive at floor $i$ , and remains inactive until someone call the elevator at floor $i$ .

When allowing for inactive clock, a valuation may associate a clock $x$ to some special value $\bot$ to indicate that it is inactive. If $\nu (x)=\bot$ then $(\nu +t)(x)$ also equals $\bot$ .

Clock constraint

An atomic clock constraint is simply a term of the form $x\sim c$ , where $x$ is a clock, $\sim$ is a comparison operator, such as <, ≤, = ≥, or >, and $c\in \mathbb {N}$ is an integral constant. In our previous example, we may use the atomic clock constraints $c_{i}\leq 180$ to state that the person at floor $i$ waited for less than three minutes, and $s>15$ to state that the elevator stayed at some floor for more than fifteen seconds. A valuation $\nu$ satisfies an atomic clock valuation $x\sim c$ if and only if $\nu (x)\sim c$ .

A clock constraint is either a finite conjunction of atomic clock constraint or is the constant "true" (which can be considered as the empty conjunction). A valuation $\nu$ satisfies a clock constraint $\bigwedge _{i=1}^{n}x_{i}\sim _{i}c_{i}$ if it satisfies each atomic clock constraint $x_{i}\sim _{i}c_{i}$ .

Diagonal constraint

Depending on the context, an atomic clock constraint may also be of the form $x_{i}\sim x_{j}+c$ . Such a constraint is called a diagonal constraint, because $x_{1}=x_{2}+c$ defines a diagonal line in $\mathbb {R} _{\geq 0}^{2}$ .

Allowing diagonal constraints may allow to decrease the size of a formula or of an automaton used to describe a system. However, algorithm's complexity may increase when diagonal constraints are allowed. In most system using clocks, allowing diagonal constraint does not increase the expressivity of the logic. We now explain how to encode such constraint with Boolean variable and non-diagonal constraint.

A diagonal constraint $x_{i}\sim x_{j}+c$ may be simulated using non-diagonal constraint as follows. When $x_{j}$ is reset, check whether $x_{i}\sim c$ holds or not. Recall this information in a Boolean variable $b_{i,j,c}$ and replace $x_{i}\sim x_{j}+c$ by this variable. When $x_{i}$ is reset, set $b_{i,j,c}$ to true if $\sim$ is < or ≤ or if $\sim$ is = and $c=0$ .

The way to encode a Boolean variable depends on the system which uses the clock. For example, UPPAAL supports Boolean variables directly. Timed automata and signal automata can encode a Boolean value in their locations. In clock temporal logic over timed words, the Boolean variable may be encoded using a new clock $x_{i,j,c}$ , whose value is 0 if and only if $b_{i,j,c}$ is false. That is, $x_{i,j,c}$ is reset as long as $x_{i,j,c}$ is supposed to be false. In timed propositional temporal logic, the formula $x_{i}.\phi$ , which restart $x_{i}$ and then evaluates $\phi$ , can be replaced by the formula $x_{i}.((x_{i}\sim x_{j}+c\implies \phi _{\top })\land (\neg x_{i}\sim x_{j}+c\implies \phi \bot ))$ , where $\phi _{\top }$ and $\phi _{\bot }$ are copies of the formulas $\phi$ , where $x_{i}\sim x_{j}+c$ are replaced by the true and false constant respectively.

Sets defined by clock constraints

A clock constraint defines a set of valuations. Two kinds of such sets are considered in the literature.

A zone is a non-empty set of valuations satisfying a clock constraint. Zones and clock constraints are implemented using difference bound matrix.

Given a model $M$ , it uses a finite number of constants in its clock constraints. Let $K$ be the greatest constant used. A region is a non-empty zone in which no constraint greater than $K$ are used, and furthermore, such that it is minimal for the inclusion.

Notes

1 2 3 Alur, Rajeev; Dill, David L (April 25, 1994). "A theory of timed automata" (PDF). Theoretical Computer Science. 126 (2): 183–235. doi: 10.1016/0304-3975(94)90010-8 .
↑ Behrmann, Gerd; David, Alexandre; Larsen, Kim G (November 28, 2006). "A Tutorial on Uppaal 4.0" (PDF): 28.{{cite journal}}: Cite journal requires |journal= (help)

Related Research Articles

In physics, Kaluza–Klein theory is a classical unified field theory of gravitation and electromagnetism built around the idea of a fifth dimension beyond the common 4D of space and time and considered an important precursor to string theory. In their setup, the vacuum has the usual 3 dimensions of space and one dimension of time but with another microscopic extra spatial dimension in the shape of a tiny circle. Gunnar Nordström had an earlier, similar idea. But in that case, a fifth component was added to the electromagnetic vector potential, representing the Newtonian gravitational potential, and writing the Maxwell equations in five dimensions.

Propositional calculus is a branch of logic. It is also called propositional logic, statement logic, sentential calculus, sentential logic, or sometimes zeroth-order logic. It deals with propositions and relations between propositions, including the construction of arguments based on them. Compound propositions are formed by connecting propositions by logical connectives. Propositions that contain no logical connectives are called atomic propositions.

In statistics, a normal distribution or Gaussian distribution is a type of continuous probability distribution for a real-valued random variable. The general form of its probability density function is

The stress–energy tensor, sometimes called the stress–energy–momentum tensor or the energy–momentum tensor, is a tensor physical quantity that describes the density and flux of energy and momentum in spacetime, generalizing the stress tensor of Newtonian physics. It is an attribute of matter, radiation, and non-gravitational force fields. This density and flux of energy and momentum are the sources of the gravitational field in the Einstein field equations of general relativity, just as mass density is the source of such a field in Newtonian gravity.

Intuitionistic logic, sometimes more generally called constructive logic, refers to systems of symbolic logic that differ from the systems used for classical logic by more closely mirroring the notion of constructive proof. In particular, systems of intuitionistic logic do not assume the law of the excluded middle and double negation elimination, which are fundamental inference rules in classical logic.

The Fock space is an algebraic construction used in quantum mechanics to construct the quantum states space of a variable or unknown number of identical particles from a single particle Hilbert space $H$ . It is named after V. A. Fock who first introduced it in his 1932 paper "Konfigurationsraum und zweite Quantelung".

In theoretical physics, a scalar–tensor theory is a field theory that includes both a scalar field and a tensor field to represent a certain interaction. For example, the Brans–Dicke theory of gravitation uses both a scalar field and a tensor field to mediate the gravitational interaction.

In theoretical physics, scalar electrodynamics is a theory of a U(1) gauge field coupled to a charged spin 0 scalar field that takes the place of the Dirac fermions in "ordinary" quantum electrodynamics. The scalar field is charged, and with an appropriate potential, it has the capacity to break the gauge symmetry via the Abelian Higgs mechanism.

In theoretical computer science, the modal μ-calculus is an extension of propositional modal logic by adding the least fixed point operator μ and the greatest fixed point operator ν, thus a fixed-point logic.

In mathematics, the theory of optimal stopping or early stopping is concerned with the problem of choosing a time to take a particular action, in order to maximise an expected reward or minimise an expected cost. Optimal stopping problems can be found in areas of statistics, economics, and mathematical finance. A key example of an optimal stopping problem is the secretary problem. Optimal stopping problems can often be written in the form of a Bellman equation, and are therefore often solved using dynamic programming.

In statistics, the inverse Wishart distribution, also called the inverted Wishart distribution, is a probability distribution defined on real-valued positive-definite matrices. In Bayesian statistics it is used as the conjugate prior for the covariance matrix of a multivariate normal distribution.

In computational complexity theory, the language TQBF is a formal language consisting of the true quantified Boolean formulas. A (fully) quantified Boolean formula is a formula in quantified propositional logic where every variable is quantified, using either existential or universal quantifiers, at the beginning of the sentence. Such a formula is equivalent to either true or false. If such a formula evaluates to true, then that formula is in the language TQBF. It is also known as QSAT.

In automata theory, a timed automaton is a finite automaton extended with a finite set of real-valued clocks. During a run of a timed automaton, clock values increase all with the same speed. Along the transitions of the automaton, clock values can be compared to integers. These comparisons form guards that may enable or disable transitions and by doing so constrain the possible behaviors of the automaton. Further, clocks can be reset. Timed automata are a sub-class of a type hybrid automata.

Lagrangian field theory is a formalism in classical field theory. It is the field-theoretic analogue of Lagrangian mechanics. Lagrangian mechanics is used to analyze the motion of a system of discrete particles each with a finite number of degrees of freedom. Lagrangian field theory applies to continua and fields, which have an infinite number of degrees of freedom.

In statistics, the variance function is a smooth function that depicts the variance of a random quantity as a function of its mean. The variance function is a measure of heteroscedasticity and plays a large role in many settings of statistical modelling. It is a main ingredient in the generalized linear model framework and a tool used in non-parametric regression, semiparametric regression and functional data analysis. In parametric modeling, variance functions take on a parametric form and explicitly describe the relationship between the variance and the mean of a random quantity. In a non-parametric setting, the variance function is assumed to be a smooth function.

The pressuron is a hypothetical scalar particle which couples to both gravity and matter theorised in 2013. Although originally postulated without self-interaction potential, the pressuron is also a dark energy candidate when it has such a potential. The pressuron takes its name from the fact that it decouples from matter in pressure-less regimes, allowing the scalar–tensor theory of gravity involving it to pass solar system tests, as well as tests on the equivalence principle, even though it is fundamentally coupled to matter. Such a decoupling mechanism could explain why gravitation seems to be well described by general relativity at present epoch, while it could actually be more complex than that. Because of the way it couples to matter, the pressuron is a special case of the hypothetical string dilaton. Therefore, it is one of the possible solutions to the present non-observation of various signals coming from massless or light scalar fields that are generically predicted in string theory.

In model checking, a field of computer science, timed propositional temporal logic (TPTL) is an extension of propositional linear temporal logic (LTL) in which variables are introduced to measure times between two events. For example, while LTL allows to state that each event p is eventually followed by an event q, TPTL furthermore allows to give a time limit for q to occur.

In automata theory, a field of computer science, a signal automaton is a finite automaton extended with a finite set of real-valued clocks. During a run of a signal automaton, clock values increase all with the same speed. Along the transitions of the automaton, clock values can be compared to integers. These comparisons form guards that may enable or disable transitions and by doing so constrain the possible behaviors of the automaton. Further, clocks can be reset.

In automata theory, an alternating timed automaton (ATA) is a mix of both timed automaton and alternating finite automaton. That is, it is a sort of automata which can measure time and in which there exists universal and existential transition.

In model checking, a field of computer science, a region is a convex polytope in $for some dimension, and more precisely a zone, satisfying some minimality property. The regions partition .$

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[AlurDill-1] 1 2 3 Alur, Rajeev; Dill, David L (April 25, 1994). "A theory of timed automata" (PDF). Theoretical Computer Science. 126 (2): 183–235. doi: 10.1016/0304-3975(94)90010-8 .

[2] Behrmann, Gerd; David, Alexandre; Larsen, Kim G (November 28, 2006). "A Tutorial on Uppaal 4.0" (PDF): 28.{{cite journal}}: Cite journal requires |journal= (help)

[1]

[2]