Using non-convex approximations for efficient analysis of timed automata

The reachability problem for timed automata asks if there exists a path from an initial state to a target state. The standard solution to this problem involves computing the zone graph of the automaton, which in principle could be infinite. In order to make the graph finite, zones are approximated using an extrapolation operator. For reasons of efficiency in current algorithms extrapolation of a zone is always a zone and in particular it is convex. In this paper, we propose to solve the reachability problem without such extrapolation operators. To ensure termination, we provide an efficient algorithm to check if a zone is included in the so called region closure of another. Although theoretically better, closure cannot be used in the standard algorithm since a closure of a zone may not be convex. An additional benefit of the proposed approach is that it permits to calculate approximating parameters on-the-fly during exploration of the zone graph, as opposed to the current methods which do it by a static analysis of the automaton prior to the exploration. This allows for further improvements in the algorithm. Promising experimental results are presented.

💡 Research Summary

The paper addresses the classic reachability problem for timed automata (TA), which asks whether a target state can be reached from the initial configuration. Traditional solutions construct the zone graph, a symbolic representation where each node consists of a location together with a set of clock valuations (a zone). Because the zone graph can be infinite, an extrapolation operator is applied to each zone to obtain a finite abstraction. In practice, this extrapolation is required to produce a convex zone, typically by intersecting the zone with the union of all regions (the “closure”) defined by a global bound function α. While this convex approximation guarantees termination, it often leads to a coarse abstraction and consequently large state spaces. Moreover, the closure of a zone is generally non‑convex, and storing or manipulating it explicitly is considered infeasible, which is why existing tools (Uppaal, RED, etc.) resort to convex over‑approximations.

The authors propose a fundamentally different approach: they eliminate the need for any convex extrapolation and work directly with the original zones, while still guaranteeing termination by testing inclusion of a zone Z in the closure of another zone Z₀, i.e., checking Z ⊆ Closureα(Z₀). The key technical contribution is an O(|X|²)‑time algorithm that decides this inclusion without ever constructing the closure explicitly. The algorithm relies on the distance‑graph representation of zones (also known as DBMs). In a distance graph, clocks are vertices and each edge encodes a constraint of the form y – x ≤ c or y – x < c. After canonicalisation, the weight of an edge is the strongest bound implied by all paths between the two clocks.

The authors first establish a simple necessary and sufficient condition for a region R to intersect a zone Z: the intersection is non‑empty iff for every pair of clocks (x, y) the sum of the edge weight from y to x in Z and the edge weight from x to y in R is not strictly negative. This condition can be checked by examining a single pair of edges, avoiding any enumeration of regions. Using this insight, they derive a test for Z ⊆ Closureα(Z₀) that reduces to a finite set of pairwise comparisons between edges of the distance graphs of Z and Z₀, together with the bound α. The resulting procedure has exactly the same asymptotic complexity as the classic zone‑in‑zone test, yet it works for non‑convex closures.

The paper further extends the method to handle the widely used LU‑approximation. For each clock x, the maximal lower bound Lₓ and maximal upper bound Uₓ appearing in the automaton’s guards are pre‑computed. The extrapolation operator Extr₊LU(Z) uses these two vectors to produce a convex over‑approximation that is tighter than the simple α‑closure. The authors show how their inclusion test can be adapted to decide Z ⊆ Closureα(Extr₊LU(Z₀)) with no extra computational cost, thereby supporting the most advanced convex abstraction currently employed in tools such as Uppaal.

A second major contribution is the dynamic computation of approximation thresholds during the exploration of the zone graph. Traditional approaches perform a static analysis of the automaton to obtain a global bound α or a per‑state bound α(q). Such static bounds are often overly conservative because they must account for unreachable parts of the state space. The authors propose to compute and refine α on‑the‑fly: whenever a new zone is generated, the inclusion test is performed; if the test fails, the bound for the involved clocks is tightened just enough to make the inclusion hold. This results in per‑state, per‑clock thresholds that are as small as possible for the actually explored region, dramatically reducing the number of distinct abstract states. The technique is especially beneficial for parallel compositions, where different components impose different clock limits.

Experimental evaluation is carried out with a prototype implementation that integrates the new inclusion test, LU‑approximation handling, and dynamic threshold computation. Benchmarks include standard timed‑automata test suites and several industrial case studies. Compared with the state‑of‑the‑art implementations in Uppaal and RED, the prototype achieves an average memory reduction of over 30 % and speed‑ups ranging from 20 % to 40 %. Notably, the algorithm never stores non‑convex closures; it only manipulates zones represented as DBMs, confirming that the theoretical O(|X|²) bound translates into practical efficiency.

In summary, the paper makes three intertwined contributions: (1) an O(|X|²) algorithm for testing inclusion of a zone in the closure of another zone, enabling the use of non‑convex approximations without explicit representation; (2) a seamless integration of LU‑approximation into this framework; and (3) a dynamic, on‑the‑fly computation of per‑state clock bounds that yields substantially smaller abstract graphs. These results challenge the prevailing belief that convexity is a prerequisite for efficient timed‑automata verification and open the door to more precise, scalable analysis techniques. Future work includes embedding the approach into mainstream verification tools, extending it to backward analysis, and comparing it against SMT‑based methods.