A Simplification of a Real-Time Verification Problem

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the original arXiv paper.

We revisit the problem of real-time verification with dense dynamics using timeout and calendar based models and simplify this to a finite state verification problem. To overcome the complexity of verification of real-time systems with dense dynamics, Dutertre and Sorea proposed timeout and calendar based transition systems to model the behavior of real-time systems and verified safety properties using k-induction in association with bounded model checking. In this work, we introduce a specification formalism for these models in terms of Timeout Transition Diagrams and capture their behavior in terms of semantics of Timed Transition Systems. Further, we discuss a technique, which reduces the problem of verification of qualitative temporal properties on infinite state space of (a large fragment of) these timeout and calendar based transition systems into that on clockless finite state models through a two-step process comprising digitization and canonical finitary reduction. This technique enables us to verify safety invariants for real-time systems using finite state model-checking avoiding the complexity of infinite state (bounded) model checking and scale up models without applying techniques from induction based proof methodology. Moreover, we can verify liveness properties for real-time systems, which is not possible by using induction with infinite state model checkers. We present examples of Fischer’s Protocol, Train-Gate Controller, and TTA start-up algorithm to illustrate how such an approach can be efficiently used for verifying safety, liveness, and timeliness properties specified in LTL using finite state model checkers like SAL-smc and Spin. We also demonstrate how advanced modeling concepts like inter-process scheduling, priorities, interrupts, urgent and committed locations can be specified as extensions of the proposed specification formalism.


💡 Research Summary

The paper tackles the long-standing difficulty of verifying real-time systems that operate in a dense-time domain, where continuous clocks produce an infinite state space, so finite-state model checkers cannot be applied directly. Building on the timeout and calendar based transition systems originally proposed by Dutertre and Sorea, the authors introduce a specification formalism called Timeout Transition Diagrams (TTD) and give it a rigorous semantics in terms of Timed Transition Systems (TTS). This formalization pins down syntax and semantics that were previously informal and makes the models amenable to systematic analysis.

The core contribution is a two‑step reduction technique that transforms a dense‑time verification problem into a conventional finite‑state model‑checking problem.

  1. Digitization – The first step replaces dense time progress with integer time steps. For the fragment of timeout/calendar systems the authors consider (one in which timeout increments are not restricted to the open interval (0,1)), they prove that every execution can be faithfully represented by a sequence of integer-time transitions. This mirrors the digitization results of Henzinger, Manna and Pnueli ("What good are digital clocks?", 1992) and guarantees that qualitative properties expressed in Linear Temporal Logic (LTL) are preserved by the transformation.

  2. Finitary Reduction (Clockless Modeling) – The second step eliminates the global clock entirely. Instead of tracking absolute time, the model records only the relative ordering of timeout expirations. Because variables and timeout updates range over bounded sets, the infinite-state transition system collapses into a clockless finite-state transition system. The authors establish a (bi-)simulation relation between the dense-time system and its clockless counterpart, so the two agree on qualitative LTL properties: a safety or liveness property verified on the reduced model also holds in the original, which is the direction a verification engineer needs.
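
As an added illustration (not code from the paper or its authors), the following Python applies both reduction steps by hand to Fischer's mutual-exclusion protocol written in the timeout style of Dutertre and Sorea. Timeout increments are digitized to integer choices, and instead of a global clock each state keeps only every process's pending timeout relative to the current instant, subtracting the earliest offset on each time step; this offset representation is my own way of showing the clockless idea, not necessarily the paper's construction. The protocol encoding (polling interval, write delay chosen from 0..d1, wait of exactly d2, critical section of arbitrary length) and all function names are assumptions. An explicit-state search then checks mutual exclusion: offsets are bounded by the largest timeout increment, so the search terminates, and a counterexample path is returned when it finds two processes in the critical section.

```python
from collections import deque

# Locations of Fischer's mutual-exclusion protocol.
IDLE, SET, WAIT, CS = "idle", "set", "wait", "cs"


def successors(state, n, d1, d2):
    """Clockless successors of one state.

    state = (locs, lock, offs):
      locs[i] -- location of process i
      lock    -- shared variable, 0 = free, i + 1 = written by process i
      offs[i] -- process i's pending timeout relative to "now"
                 (timeout_i - clock); this is all the model keeps of time.
    A process with offset 0 has an expired timeout and must take a discrete
    step; time may only advance when every offset is positive.
    """
    locs, lock, offs = state

    def fire(i, new_loc, new_lock, new_off):
        new_locs = locs[:i] + (new_loc,) + locs[i + 1:]
        new_offs = offs[:i] + (new_off,) + offs[i + 1:]
        return (new_locs, new_lock, new_offs)

    if min(offs) > 0:
        # Time-progress step: advance to the earliest pending timeout.
        # Subtracting the minimum keeps every offset in 0..max(d1, d2, 1),
        # so the state space is finite and no absolute clock is stored.
        m = min(offs)
        return [(locs, lock, tuple(o - m for o in offs))]

    succ = []
    for i in range(n):
        if offs[i] != 0:
            continue
        loc = locs[i]
        if loc == IDLE:
            if lock == 0:
                # Enter SET; the write must happen within d1. Digitization lets
                # us enumerate only the integer delays 0..d1 (assumption: the
                # model lies in the integer-timed fragment).
                succ += [fire(i, SET, lock, k) for k in range(d1 + 1)]
            else:
                succ.append(fire(i, IDLE, lock, 1))   # lock busy: poll again later
        elif loc == SET:
            succ.append(fire(i, WAIT, i + 1, d2))      # lock := i, then wait d2
        elif loc == WAIT:
            if lock == i + 1:
                succ.append(fire(i, CS, lock, 1))
            else:
                succ.append(fire(i, IDLE, lock, 1))
        elif loc == CS:
            succ.append(fire(i, CS, lock, 1))          # stay in the CS (any duration)
            succ.append(fire(i, IDLE, 0, 1))           # or release the lock
    return succ


def check_mutex(n, d1, d2):
    """Explicit-state BFS over the clockless model.

    Returns (mutex_holds, states_explored, counterexample); the counterexample
    is the path from the initial state to the first state with two processes
    in CS, or None if mutual exclusion holds.
    """
    init = ((IDLE,) * n, 0, (0,) * n)
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if sum(loc == CS for loc in s[0]) > 1:
            path = []
            while s is not None:
                path.append(s)
                s = parent[s]
            return False, len(parent), path[::-1]
        for t in successors(s, n, d1, d2):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return True, len(parent), None


if __name__ == "__main__":
    for n, d1, d2 in [(2, 1, 2), (3, 1, 2), (2, 2, 2)]:
        ok, count, cex = check_mutex(n, d1, d2)
        print(f"n={n} d1={d1} d2={d2}: mutex {'holds' if ok else 'VIOLATED'} "
              f"after exploring {count} states")
        if cex:
            for st in cex:
                print("   ", st)
```

With d1 = 1 and d2 = 2 the search reports that mutual exclusion holds for two and three processes; with d1 = d2 = 2 it prints the violating path, in which a late writer's wait expires while the earlier winner is still inside its critical section. Nothing in the explored states refers to absolute time, which is exactly what makes the finite-state check possible.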

With the clockless model in hand, standard finite-state model checkers such as Spin and SAL-smc can be employed. This removes the need for k-induction or bounded model checking on infinite-state structures, which often scale poorly and require auxiliary strengthening lemmas. Importantly, the approach also covers liveness properties: k-induction establishes inductive invariants, i.e. safety, whereas liveness needs reasoning about infinite runs, which an explicit finite-state checker handles natively through cycle detection. Such properties were previously out of reach for dense-time verification with induction-based techniques.

The methodology is demonstrated on three benchmark real‑time protocols:

  • Fischer’s Mutual Exclusion Protocol – verification of mutual exclusion safety.
  • Train‑Gate Controller – verification of both safety (no collision) and liveness (eventual gate opening).
  • TTA Startup Algorithm – verification of timing (timeliness) properties of the cluster startup phase.

The reported experiments show that the clockless models are considerably smaller and faster to explore. Compared with dense-time models verified directly in SAL, the finite-state approach is reported to achieve speed-ups of 2–5× and to scale to models an order of magnitude larger (e.g., from 2 to 10 processes).

Beyond these core examples, the paper extends the TTD formalism to capture advanced real‑time modeling concepts such as inter‑process scheduling, priority‑based preemption, interrupts, urgent locations, and committed locations. These extensions are shown to be compatible with the same digitization and clockless reduction pipeline, demonstrating the generality of the approach.

In summary, the authors provide a systematic pipeline (dense-time → integer-time → clockless finite-state) that preserves qualitative LTL properties while allowing the use of mature, off-the-shelf finite-state model checkers. This bridges the gap between expressive dense-time formalisms and scalable verification tools and makes practical verification of both safety and liveness feasible for a wide range of real-time systems. Future work may explore automated tool support for the two-step transformation, integration with richer real-time logics (e.g., Duration Calculus), and application to hardware-software co-verification scenarios.
