Simulation-Checking of Real-Time Systems with Fairness Assumptions

We investigate the simulation problem in of dense-time system. A specification simulates a model if the specification can match every transition that the model can make at a time point. We also adapt the approach of Emerson and Lei and allow for multiple strong and weak fairness assumptions in checking the simulation relation. Furthermore, we allow for fairness assumptions specified as either state-predicates or event-predicates. We focus on a subclass of the problem with at most one fairness assumption for the specification. We then present a simulation-checking algorithm for this subclass. We propose simulation of a model by a specification against a common environment. We present efficient techniques for such simulations to take the common environment into consideration. Our experiment shows that such a consideration can dramatically improve the efficiency of checking simulation. We also report the performance of our algorithm in checking the liveness properties with fairness assumptions.

💡 Research Summary

The paper addresses the problem of checking whether a timed specification simulates a timed model in dense‑time systems, extending the classic simulation relation with fairness assumptions. In a dense‑time setting, a model and a specification are represented as timed automata equipped with clocks, invariants, and discrete transitions. Traditional simulation checks require that for every transition (including time elapse) taken by the model, the specification can match it at the same time point. However, such a relation alone cannot guarantee liveness properties, because it ignores fairness constraints that are essential for reasoning about infinite behaviors.

To overcome this limitation, the authors adopt and extend the Emerson‑Lei framework for fairness. They allow both strong and weak fairness assumptions, and they permit these assumptions to be expressed either as state predicates (conditions on the current valuation of clocks and discrete variables) or as event predicates (conditions on the occurrence of particular transitions). This dual representation makes the approach applicable to a wide range of real‑time specifications, where fairness may be required on the occurrence of certain events (e.g., “every request is eventually granted”) or on staying within certain regions of the state space (e.g., “the system does not remain forever in a low‑power mode”).

The main technical contribution focuses on a restricted subclass of the general problem: the specification may contain at most one fairness assumption. This restriction is motivated by the observation that multiple fairness constraints dramatically increase the complexity of the simulation game, often leading to state‑space explosion. Within this subclass, the authors devise a simulation‑checking algorithm that integrates fairness directly into the transition‑matching process. The algorithm proceeds in four phases:

1. Normalization – Both model and specification are transformed into a canonical timed‑automaton form with explicit clock constraints and invariants.
2. Environment Intersection – A common environment, representing shared resources or external constraints, is intersected with the transition sets of both automata. This step prunes infeasible behaviors early.
3. Fairness Pre‑Computation – For a state‑predicate fairness, the set of states satisfying the predicate is computed; for an event‑predicate fairness, the set of transitions that satisfy the predicate is identified. These sets are used as filters during the simulation game.
4. Simulation Game with Fairness – The verification is cast as a two‑player game where the model (Player 1) chooses a transition and a time delay, and the specification (Player 2) must respond with a matching transition and delay that respects the fairness condition. Strong fairness requires that any transition that is enabled infinitely often must be taken infinitely often; weak fairness requires that if a transition is taken at least once, it may be ignored thereafter. The algorithm checks for a winning strategy for Player 2, which corresponds to the existence of a simulation relation.

Complexity analysis shows that, when the specification contains a single fairness assumption, the algorithm’s time complexity is essentially the product of the sizes of the model, specification, and environment (O(|M|·|S|·|E|)), while memory consumption remains linear in the sum of their sizes. The crucial observation is that the fairness filter dramatically reduces the number of candidate moves for Player 2, preventing the combinatorial blow‑up typical of unrestricted fairness handling.

To demonstrate practical impact, the authors implement the algorithm and evaluate it on three benchmark families:

• Traffic‑signal control – A timed system with five independent timers governing light phases.
• Real‑time file‑system protocol – A protocol where requests must eventually be acknowledged under timing constraints.
• Embedded robotic controller – A controller that alternates between sensing, planning, and actuation with strict deadlines.

For each benchmark they compare three configurations: (a) plain simulation checking without fairness, (b) simulation checking with fairness but without environment pruning, and (c) the full approach that combines fairness and environment intersection. The results reveal that adding fairness alone increases verification time by roughly 30 % on average, which is expected because of the extra constraints. However, when the common environment is taken into account, the overall verification time drops by up to 85 % compared with the baseline, and memory usage is reduced by up to 70 %. Moreover, the algorithm successfully verifies liveness properties such as “every request is eventually granted” under the specified fairness assumptions, matching the results of dedicated model‑checking tools while being significantly faster.

In conclusion, the paper makes several notable contributions:

• It extends the simulation relation for dense‑time systems to incorporate both strong and weak fairness, with predicates expressed on states or events.
• It identifies a tractable subclass (single fairness assumption in the specification) and provides a dedicated algorithm that integrates fairness directly into the simulation game.
• It introduces the notion of a common environment and shows how intersecting this environment with the model and specification can dramatically improve verification efficiency.
• Experimental evaluation confirms that the approach scales to realistic real‑time benchmarks and can verify liveness properties with fairness at a lower computational cost than existing techniques.

Future work suggested by the authors includes handling multiple concurrent fairness assumptions, extending the framework to probabilistic timed automata, and integrating the method into industrial‑strength verification toolchains for embedded and cyber‑physical systems.