Event-Clock Automata: From Theory to Practice

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Event clock automata (ECA) are a model for timed languages that has been introduced by Alur, Fix and Henzinger as an alternative to timed automata, with better theoretical properties (for instance, ECA are determinizable while timed automata are not). In this paper, we revisit and extend the theory of ECA. We first prove that no finite time abstract language equivalence exists for ECA, thereby disproving a claim in the original work on ECA. This means in particular that regions do not form a time abstract bisimulation. Nevertheless, we show that regions can still be used to build a finite automaton recognizing the untimed language of an ECA. Then, we extend the classical notions of zones and DBMs to let them handle event clocks instead of plain clocks (as in timed automata) by introducing event zones and Event DBMs (EDBMs). We discuss algorithms to handle event zones represented as EDBMs, as well as (semi-) algorithms based on EDBMs to decide language emptiness of ECA.


💡 Research Summary

The paper revisits the theory of Event‑Clock Automata (ECA), a timed‑language model introduced as an alternative to timed automata (TA) with the attractive property of being determinizable. The authors first challenge a long‑standing belief inherited from the original ECA paper: that a finite time‑abstract language equivalence (and consequently a region‑based bisimulation) exists for ECA. By constructing a family of valuations that differ only in the initial value of a prophecy clock, and by presenting a simple automaton A_inf that accepts a single timed word for each valuation, they prove that any finite equivalence would have to distinguish infinitely many states. Hence no finite time‑abstract language equivalence, simulation equivalence, or bisimulation exists for ECA.

Despite this negative result, the authors show that regions can still be employed to compute the untimed language of an ECA. They introduce the “existential region automaton”, a slight modification of the classical region automaton. Unlike the TA case, the proof does not rely on bisimulation; instead it directly shows that the existential region automaton accepts exactly Untime(L(A)) for any ECA A. This restores the usefulness of region constructions for language‑emptiness checking, albeit with a different theoretical justification.

The core technical contribution is the extension of zone‑based analysis to ECA. In TA, zones are conjunctions of constraints of the form x‑y ≤ c, which remain invariant under time elapse because all clocks increase uniformly. In ECA, history clocks increase while prophecy clocks decrease, so the invariant quantity is the sum x + y when x is a history clock and y a prophecy clock. To capture this, the authors define “event‑zones”, which allow constraints of the form x + y ≤ c, and they develop “Event Difference Bound Matrices” (EDBMs) as a data structure to represent and manipulate event‑zones efficiently. EDBMs extend classic DBMs with additional rules for handling the opposite‑direction evolution of the two clock families, and they preserve the closure properties needed for reachability analysis.
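
The invariance of x + y under time elapse can be checked on a small zone. The sketch below is an added example, not code from the paper, and it is not the paper's EDBM structure: it assumes every clock has a defined value and stores a prophecy clock y as -y in an ordinary DBM, so that x + y ≤ c becomes a plain difference constraint. The class, its method names and the sample bounds are constructed for illustration.

```python
INF = float("inf")
class EventZone:
    """D[i][j] = c encodes z_i - z_j <= c, where z = x for a history clock,
    z = -y for a prophecy clock, and z_0 = 0 is the reference (assumed encoding)."""
    def __init__(self, history, prophecy):
        self.names = ["0", *history, *prophecy]
        self.prophecy = set(prophecy)
        self.D = [[0 if a == b else INF for b in self.names] for a in self.names]
        for h in history:
            self.add("0", h, 0)            # x >= 0
        for p in prophecy:
            self.add(p, "0", 0)            # y >= 0, i.e. -y <= 0

    def add(self, a, b, c):                # intersect with z_a - z_b <= c
        i, j = self.names.index(a), self.names.index(b)
        self.D[i][j] = min(self.D[i][j], c)

    def between(self, clock, lo, hi):      # lo <= clock <= hi
        if clock in self.prophecy:         # becomes -hi <= z <= -lo
            lo, hi = -hi, -lo
        self.add(clock, "0", hi)
        self.add("0", clock, -lo)

    def close(self):                       # Floyd-Warshall tightening
        n = len(self.D)
        for k in range(n):
            for i in range(n):
                for j in range(n):
                    self.D[i][j] = min(self.D[i][j], self.D[i][k] + self.D[k][j])
        return all(self.D[i][i] >= 0 for i in range(n))   # False means empty

    def elapse(self):                      # all time successors of the zone
        self.close()
        for i, name in enumerate(self.names[1:], start=1):
            self.D[i][0] = 0 if name in self.prophecy else INF  # keep y >= 0, free x
        return self.close()

    def bound(self, a, b="0"):             # tightest c with z_a - z_b <= c
        return self.D[self.names.index(a)][self.names.index(b)]

def demo():
    z = EventZone(history=["x"], prophecy=["y"])   # constructed sample zone
    z.between("x", 1, 2)
    z.between("y", 3, 4)
    z.close()
    before = (z.bound("x", "y"), -z.bound("y", "x"))   # sup and inf of x + y
    z.elapse()
    after = (z.bound("x", "y"), -z.bound("y", "x"))
    return before, after, z.bound("x")                 # last item: sup of x
```

The bounds on x + y are the same before and after `elapse()`, while the upper bound on x alone is lost and then recovered from x + y ≤ 6 together with y ≥ 0.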

Two algorithmic schemes are examined: a forward exploration that iteratively computes reachable EDBM states from the initial configuration, and a backward exploration that computes predecessor EDBM states from accepting locations. In TA, the backward scheme always terminates, while the forward scheme may diverge. For ECA, both schemes can diverge because the opposite drift of history and prophecy clocks can generate infinite descending or ascending chains. To mitigate non‑termination, the authors discuss adapting widening operators from the TA literature—specifically, closure‑by‑region and k‑approximation—to the event‑zone setting. They outline the challenges of proving correctness for these operators without bisimulation, leaving a substantial avenue for future work.

The paper also surveys the current tooling landscape. Apart from the TEMPO prototype, which handles only history clocks (event‑recording automata), there is no publicly available tool that fully exploits ECA’s expressive power. The proposed event‑zone/EDBM framework is designed to be compatible with existing TA toolchains (e.g., UPPAAL, Kronos), suggesting a feasible path toward practical verification tools for ECA.

In summary, the authors (1) disprove the existence of a finite time‑abstract language equivalence for ECA, (2) restore the utility of region constructions via the existential region automaton, (3) introduce event‑zones and EDBMs to enable zone‑based analysis of ECA, (4) analyze forward and backward reachability algorithms, highlighting potential non‑termination, and (5) propose directions for widening techniques and tool development. Their work bridges a gap between the elegant theoretical properties of ECA and the algorithmic machinery required for real‑world verification.

