Region (model checking)

Last updated October 31, 2023

In model checking, a field of computer science, a region is a convex polytope in $\mathbb {R} ^{d}$ for some dimension $d$ , and more precisely a zone, satisfying some minimality property. The regions partition $\mathbb {R} ^{d}$ .

The set of zones depends on a set $K$ of constraints of the form $x\leq c$ , $x\geq c$ , $x_{1}\leq x_{2}+c$ and $x_{1}\geq x_{2}+c$ , with $x_{1}$ and $x_{2}$ some variables, and $c$ a constant. The regions are defined such that if two vectors ${\vec {x}}$ and ${\vec {x}}'$ belong to the same region, then they satisfy the same constraints of $K$ . Furthermore, when those vectors are considered as a tuple of clocks, both vectors have the same set of possible futures. Intuitively, it means that any timed propositional temporal logic-formula, or timed automaton or signal automaton using only the constraints of $K$ can not distinguish both vectors.

The set of region allows to create the region automaton, which is a directed graph in which each node is a region, and each edge $r\to r'$ ensure that $r'$ is a possible future of $r$ . Taking a product of this region automaton and of a timed automaton ${\mathcal {A}}$ which accepts a language $L$ creates a finite automaton or a Büchi automaton which accepts untimed $L$ . In particular, it allows to reduce the emptiness problem for ${\mathcal {A}}$ to the emptiness problem for a finite or Büchi automaton. This technique is used for example by the software UPPAAL.^[1]

Definition

Let $C=\{x_{1},\dots ,x_{d}\}$ a set of clocks. For each $x\in \mathbb {N}$ let $c_{x}\in \mathbb {N}$ . Intuitively, this number represents an upper bound on the values to which the clock $x$ can be compared. The definition of a region over the clocks of $C$ uses those numbers $c_{x}$ 's. Three equivalent definitions are now given.

Given a clock assignment $\nu$ , $[\nu ]$ denotes the region in which $\nu$ belongs. The set of regions is denoted by ${\mathcal {R}}$ .

Equivalence of clocks assignment

The first definition allow to easily test whether two assignments belong to the same region.

A region may be defined as an equivalence class for some equivalence relation. Two clocks assignments $\nu _{1}$ and $\nu _{2}$ are equivalent if they satisfy the following constraints:^[2]^: 202

$\nu _{1}(x)\sim c$ iff $\nu _{2}(x)\sim c$ , for each $x\in C$ and $0\leq c\leq c_{x}$ an integer, and ~ being one of the following relation =, < or ≤.
$\{\nu _{1}(x)\}\sim \{\nu _{1}(y)\}$ iff $\{\nu _{2}(x)\}\sim \{\nu _{2}(y)\}$ , for each $x,y\in C$ , $\nu _{1}(x)\leq c_{x}$ , $\nu _{1}(y)\leq c_{y}$ , $\{r\}$ being the fractional part of the real $r$ , and ~ being one of the following relation =, < or ≤.

The first kind of constraints ensures that $\nu _{1}$ and $\nu _{2}$ satisfies the same constraints. Indeed, if $\nu _{1}(x)=0.5$ and $\nu _{2}(x)=1$ , then only the second assignment satisfies $x=1$ . On the other hand, if $\nu _{1}(x)=0.5$ and $\nu _{2}(x)=0.6$ , both assignment satisfies exactly the same set of constraint, since the constraints use only integral constants.

The second kind of constraints ensures that the future of two assignments satisfy the same constraints. For example, let $\nu _{1}=\{x\mapsto 0.5,y\mapsto 0.6\}$ and $\nu _{2}=\{x\mapsto 0.5,y\mapsto 0.4\}$ . Then, the constraint $y=1\land x<1$ is eventually satisfied by the future of $\nu _{1}$ without clock reset, but not by the future of $\nu _{2}$ without clock reset.

Explicit definition of a region

While the previous definition allow to test whether two assignments belong to the same region, it does not allow to easily represents a region as a data structure. The third definition given below allow to give a canonical encoding of a region.

A region can be explicitly defined as a zone, using a set $S$ of equations and inequations satisfying the following constraints:

for each $x\in C$ $Region (model checking)$ , $S$ $Region (model checking)$ contains either:
- $x=c$ for some integer $0\leq c\leq c_{x}$
- $x\in (c,c+1)$ for some integer $0\leq c<c_{x}$ ,
- $x>c_{x}$ ,
furthermore, for each pair of clocks $x,y\in C$ , where $S$ contains constraints of the form $x\in (c,c+1)$ and $y\in (c',c'+1)$ , then $S$ contains an (in) equality of the form $\{x\}\sim \{y\}$ with $\sim$ being either =, < or ≤.

Since, when $c$ and $c'$ are fixed, the last constraint is equivalent to $x\sim y+c-c'$ .

This definition allow to encode a region as a data structure. It suffices, for each clock, to state to which interval it belongs and to recall the order of the fractional part of the clocks which belong in an open interval of length 1. It follows that the size of this structure is $O\left(\sum \log(c_{k})+|C|\log(|C|)\right)$ with $|C|$ the number of clocks.

Timed bisimulation

Let us now give a third definition of regions. While this definition is more abstract, it is also the reason why regions are used in model checking. Intuitively, this definition states that two clock assignments belong to the same region if the differences between them are such that no timed automaton can notice them. Given any run $r$ starting with a clock assignment $\nu$ , for any other assignment $\nu '$ in the same region, there is a run $r'$ , going through the same locations, reading the same letters, where the only difference is that the time waited between two successive transition may be different, and thus the successive clock variations are different.

The formal definition is now given. Given a set of clock $C$ , two assignments two clocks assignments $\nu _{1}$ and $\nu _{2}$ belongs to the same region if for each timed automaton ${\mathcal {A}}$ in which the guards never compare a clock $x$ to a number greater than $c_{x}$ , given any location $\ell$ of ${\mathcal {A}}$ , there is a timed bisimulation between the extended states $(\ell ,\nu _{1})$ and $(\ell ,\nu _{2})$ . More precisely, this bisimulation preserves letters and locations but not the exact clock assignments.^[1]^: 7

Operation on regions

Some operations are now defined over regions: Resetting some of its clock, and letting time pass.

Resetting clocks

Given a region $\alpha$ defined by a set of (in)equations $S$ , and a set of clocks $C'\subseteq C$ , the region similar to $\alpha$ in which the clocks of $C'$ are restarted is now defined. This region is denoted by $\alpha [C'\mapsto 0]$ , it is defined by the following constraints:

each constraints of $S$ not containing the clock $x$ ,
the constraints $x=0$ for $x\in C'$ .

The set of assignments defined by $\alpha [C'\mapsto 0]$ is exactly the set of assignments $\nu [C'\mapsto 0]$ for $\nu \in \alpha$ .

Time-successor

Given a region $\alpha$ , the regions which can be attained without resetting a clock are called the time-successors of $\alpha$ . Two equivalent definitions are now given.

Definition

A clock region $\alpha '$ is a time-successor of another clock region $\alpha$ if for each assignment $\nu \in \alpha$ , there exists some positive real $t_{\nu ,\alpha '}>0$ such that $\nu +t_{\nu ,\alpha '}\in \alpha '$ .

Note that it does not mean that $\alpha +t_{\nu ,\alpha '}=\alpha '$ . For example, the region $\alpha$ defined by the set of constraint $\{0<x<1,0<y<1,x<y\}$ has the time-successor $\alpha '$ defined by the set of constraint $\{0<x<1,y=1\}$ . Indeed, for each $\nu \in \alpha$ , it suffices to take $t_{\nu ,\alpha '}=1-\nu (y)$ . However, there exists no real $t$ such that $\alpha +t=\alpha '$ or even such that $\alpha +t\subseteq \alpha '$ ; indeed, $\alpha$ defines a triangle while $\alpha '$ defines a segment.

Computable definition

The second definition now given allow to explicitly compute the set of time-successor of a region, given by its set of constraints.

Given a region $\alpha$ defined as a set of constraints $S$ , let us define its set of time-successors. In order to do so, the following variables are required. Let $T\subseteq S$ the set of constraints of $S$ of the form $x_{i}=c_{i}$ . Let $Y\subseteq C$ the set of clocks $y$ such that $S$ contains the constraint $y>c_{y}$ . Let $Z\subseteq C\setminus Y$ the set of clocks $\{z\}$ such that there are no constraints of the form $\{x\}<\{z\}$ in $S$ .

If $T$ is empty, $\alpha$ is its own time successor. If $Y=C$ , then $\alpha$ is the only time-successor of $\alpha$ . Otherwise, there is a least time-successor of $\alpha$ not equal to $\alpha$ . The least time-successor, if $T$ is non-empty, contains:

the constraints of $S\setminus T$
$x_{i}>c_{i}$ ,
$\{x_{i}\}=\{x_{j}\}$ , and
for each $y$ such that $y>c_{y}$ does not belong to $S$ , the constraint $x_{i}<y$ .

If $T$ is empty, the least time-successor is defined by the following constraints:

the constraints of $S$ not using the clocks of $Z$ ,
the constraint $z=c+1$ , for each constraint $c<z<c+1$ in $S$ , with $z\in Z$ .

Properties

There are at most $|C|!2^{|C|}\prod _{x\in C}(2c_{x}+2)$ regions, where $|C|$ is the number of clocks.^[2]^: 203

Region automaton

Given a timed automaton ${\mathcal {A}}$ , its region automaton is a finite automaton or a Büchi automaton which accepts untimed $L$ . This automaton is similar to ${\mathcal {A}}$ , where clocks are replaced by region. Intuitively, the region automaton is contructude as a product of ${\mathcal {A}}$ and of the region graph. This region graph is defined first.

Region graph

The region graph is a rooted directed graph which models the set of possible clock valuations during a run of a timed-autoamton. It is defined as follows:

its nodes are regions,
its root is the initial region $\alpha _{0}$ , defined by the set of constraints $\{x=0\mid x\in C\}$ ,
the set of edges are $(\alpha ,\alpha '[C'\mapsto 0])$ , for $\alpha '$ a time-successor of $\alpha$ .

Region automaton

Let ${\mathcal {A}}=\langle \Sigma ,L,L_{0},C,F,E\rangle$ a timed automaton. For each clock $x\in C$ , let $c_{x}$ the greatest number $c$ such that there exists a guard of the form $x\sim c$ in ${\mathcal {A}}$ . The region automaton of ${\mathcal {A}}$ , denoted by $R({\mathcal {A}})$ is a finite or Büchi automaton which is essentially a product of ${\mathcal {A}}$ and of the region graph defined above. That is, each state of the region automaton is a pair containing a location of ${\mathcal {A}}$ and a region. Since two clocks assignment belonging to the same region satisfies the same guard, each region contains enough information to decide which transitions can be taken.

Formally, the region automaton is defined as follows:

its alphabet is $\Sigma$ ,
its set of states is $L\times {\mathcal {R}}$ ,
its set of states is $L_{0}\times \{\alpha _{0}\}$ with $\alpha _{0}$ the initial region,
its set of accepting states is $F\times {\mathcal {R}}$ ,
its transition relation $\delta$ contains $((\ell ,\alpha ),a,(\ell ',\alpha '[C'\mapsto 0]))$ , for $(\ell ,a,g,C',\ell ')\in E$ , such that $\gamma \models \alpha '$ and $\alpha '$ is a time-successor of $\alpha$ .

Given any run $r=(\ell _{0},\nu _{0}){\xrightarrow[{t_{1}}]{\sigma _{1}}}(\ell _{1},\nu _{1})\dots$ of ${\mathcal {A}}$ , the sequence $(\ell _{0},[\nu _{0}]){\xrightarrow {\sigma _{1}}}(\ell _{1},[\nu _{1}])\dots$ is denoted $[r]$ , it is a run of $R({\mathcal {A}})$ and is accepting if and only if $r$ is accepting^[2]^: 207. It follows that $L(R({\mathcal {A}}))=\operatorname {Untime} (L({\mathcal {A}}))$ . In particular, ${\mathcal {A}}$ accepts a timed-word if and only if $R({\mathcal {A}})$ accepts a word. Furthermore, an accepting run of ${\mathcal {A}}$ can be computed from an accepting run of $R({\mathcal {A}})$ .

Related Research Articles

In mathematical physics and mathematics, the Pauli matrices are a set of three $2 \times 2$ complex matrices which are Hermitian, involutory and unitary. Usually indicated by the Greek letter sigma, they are occasionally denoted by tau when used in connection with isospin symmetries.

In particle physics, the Dirac equation is a relativistic wave equation derived by British physicist Paul Dirac in 1928. In its free form, or including electromagnetic interactions, it describes all spin-1⁄2 massive particles, called "Dirac particles", such as electrons and quarks for which parity is a symmetry. It is consistent with both the principles of quantum mechanics and the theory of special relativity, and was the first theory to account fully for special relativity in the context of quantum mechanics. It was validated by accounting for the fine structure of the hydrogen spectrum in a completely rigorous way.

In mathematics, the $L p$ spaces are function spaces defined using a natural generalization of the $p$ -norm for finite-dimensional vector spaces. They are sometimes called Lebesgue spaces, named after Henri Lebesgue, although according to the Bourbaki group they were first introduced by Frigyes Riesz.

The stress–energy tensor, sometimes called the stress–energy–momentum tensor or the energy–momentum tensor, is a tensor physical quantity that describes the density and flux of energy and momentum in spacetime, generalizing the stress tensor of Newtonian physics. It is an attribute of matter, radiation, and non-gravitational force fields. This density and flux of energy and momentum are the sources of the gravitational field in the Einstein field equations of general relativity, just as mass density is the source of such a field in Newtonian gravity.

Noether's theorem or Noether's first theorem states that every differentiable symmetry of the action of a physical system with conservative forces has a corresponding conservation law. The theorem was proven by mathematician Emmy Noether in 1915 and published in 1918. The action of a physical system is the integral over time of a Lagrangian function, from which the system's behavior can be determined by the principle of least action. This theorem only applies to continuous and smooth symmetries over physical space.

In mathematics, the adele ring of a global field is a central object of class field theory, a branch of algebraic number theory. It is the restricted product of all the completions of the global field and is an example of a self-dual topological ring.

In electromagnetism, the electromagnetic tensor or electromagnetic field tensor is a mathematical object that describes the electromagnetic field in spacetime. The field tensor was first used after the four-dimensional tensor formulation of special relativity was introduced by Hermann Minkowski. The tensor allows related physical laws to be written very concisely, and allows for the quantization of the electromagnetic field by Lagrangian formulation described below.

A theoretical motivation for general relativity, including the motivation for the geodesic equation and the Einstein field equation, can be obtained from special relativity by examining the dynamics of particles in circular orbits about the Earth. A key advantage in examining circular orbits is that it is possible to know the solution of the Einstein Field Equation a priori. This provides a means to inform and verify the formalism.

The covariant formulation of classical electromagnetism refers to ways of writing the laws of classical electromagnetism in a form that is manifestly invariant under Lorentz transformations, in the formalism of special relativity using rectilinear inertial coordinate systems. These expressions both make it simple to prove that the laws of classical electromagnetism take the same form in any inertial coordinate system, and also provide a way to translate the fields and forces from one frame to another. However, this is not as general as Maxwell's equations in curved spacetime or non-rectilinear coordinate systems.

Expected shortfall (ES) is a risk measure—a concept used in the field of financial risk measurement to evaluate the market risk or credit risk of a portfolio. The "expected shortfall at q% level" is the expected return on the portfolio in the worst $of cases. ES is an alternative to value at risk that is more sensitive to the shape of the tail of the loss distribution.$

Linear Programming Boosting (LPBoost) is a supervised classifier from the boosting family of classifiers. LPBoost maximizes a margin between training samples of different classes and hence also belongs to the class of margin-maximizing supervised classification algorithms. Consider a classification function

A Choquet integral is a subadditive or superadditive integral created by the French mathematician Gustave Choquet in 1953. It was initially used in statistical mechanics and potential theory, but found its way into decision theory in the 1980s, where it is used as a way of measuring the expected utility of an uncertain event. It is applied specifically to membership functions and capacities. In imprecise probability theory, the Choquet integral is also used to calculate the lower expectation induced by a 2-monotone lower probability, or the upper expectation induced by a 2-alternating upper probability.

Coherent states have been introduced in a physical context, first as quasi-classical states in quantum mechanics, then as the backbone of quantum optics and they are described in that spirit in the article Coherent states. However, they have generated a huge variety of generalizations, which have led to a tremendous amount of literature in mathematical physics. In this article, we sketch the main directions of research on this line. For further details, we refer to several existing surveys.

In mathematics a translation surface is a surface obtained from identifying the sides of a polygon in the Euclidean plane by translations. An equivalent definition is a Riemann surface together with a holomorphic 1-form.

In automata theory, a timed automaton is a finite automaton extended with a finite set of real-valued clocks. During a run of a timed automaton, clock values increase all with the same speed. Along the transitions of the automaton, clock values can be compared to integers. These comparisons form guards that may enable or disable transitions and by doing so constrain the possible behaviors of the automaton. Further, clocks can be reset. Timed automata are a sub-class of a type hybrid automata.

In representation theory of mathematics, the Waldspurger formula relates the special values of two L-functions of two related admissible irreducible representations. Let $k$ be the base field, $f$ be an automorphic form over $k$ , $π$ be the representation associated via the Jacquet–Langlands correspondence with f. Goro Shimura (1976) proved this formula, when $and f is a cusp form; Günter Harder made the same discovery at the same time in an unpublished paper. Marie-France Vignéras (1980) proved this formula, when and f is a newform. Jean-Loup Waldspurger, for whom the formula is named, reproved and generalized the result of Vignéras in 1985 via a totally different method which was widely used thereafter by mathematicians to prove similar formulas.$

In model checking, a subfield of computer science, a clock is a mathematical object used to model time. More precisely, a clock measures how much time passed since a particular event occurs, in this sense, a clock is more precisely an abstraction of a stopwatch. In a model of some particular program, the value of the clock may either be the time since the program was started, or the time since a particular event occurred in the program. Those clocks are used in the definition of timed automaton, signal automaton, timed propositional temporal logic and clock temporal logic. They are also used in programs such as UPPAAL which implement timed automata.

In model checking, a field of computer science, timed propositional temporal logic (TPTL) is an extension of propositional linear temporal logic (LTL) in which variables are introduced to measure times between two events. For example, while LTL allows to state that each event p is eventually followed by an event q, TPTL furthermore allows to give a time limit for q to occur.

In automata theory, a field of computer science, a signal automaton is a finite automaton extended with a finite set of real-valued clocks. During a run of a signal automaton, clock values increase all with the same speed. Along the transitions of the automaton, clock values can be compared to integers. These comparisons form guards that may enable or disable transitions and by doing so constrain the possible behaviors of the automaton. Further, clocks can be reset.

In automata theory, an alternating timed automaton (ATA) is a mix of both timed automaton and alternating finite automaton. That is, it is a sort of automata which can measure time and in which there exists universal and existential transition.

References

1 2 Bengtsson, Johan; Yi, Wang L (2004). "Timed Automata: Semantics, Algorithms and Tools". Lectures on Concurrency and Petri Nets. Lecture Notes in Computer Science. Vol. 3098. pp. 87–124. doi:10.1007/978-3-540-27755-2_3. ISBN 978-3-540-22261-3.
1 2 3 Alur, Rajeev; Dill, David L (April 25, 1994). "A theory of timed automata" (PDF). Theoretical Computer Science. 126 (2): 183–235. doi: 10.1016/0304-3975(94)90010-8 .

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[Timed_Automata:_Semantics,_Algorithm_And_Tools-1] 1 2 Bengtsson, Johan; Yi, Wang L (2004). "Timed Automata: Semantics, Algorithms and Tools". Lectures on Concurrency and Petri Nets. Lecture Notes in Computer Science. Vol. 3098. pp. 87–124. doi:10.1007/978-3-540-27755-2_3. ISBN 978-3-540-22261-3.

[AlurDill-2] 1 2 3 Alur, Rajeev; Dill, David L (April 25, 1994). "A theory of timed automata" (PDF). Theoretical Computer Science. 126 (2): 183–235. doi: 10.1016/0304-3975(94)90010-8 .

[1]

[2]

Region (model checking)

Contents

Definition

Equivalence of clocks assignment

Explicit definition of a region

Timed bisimulation

Operation on regions

Resetting clocks

Time-successor

Definition

Computable definition

Properties

Region automaton

Region graph

Region automaton

Related Research Articles

References