Time-Darts: A Data Structure for Verification of Closed Timed Automata

Symbolic data structures for model checking timed systems have been subject to a significant research, with Difference Bound Matrices (DBMs) still being the preferred data structure in several mature verification tools. In comparison, discretization offers an easy alternative, with all operations having linear-time complexity in the number of clocks, and yet valid for a large class of closed systems. Unfortunately, fine-grained discretization causes itself a state-space explosion. We introduce a new data structure called time-darts for the symbolic representation of state-spaces of timed automata. Compared with the complete discretization, a single time-dart allows to represent an arbitrary large set of states, yet the time complexity of operations on time-darts remain linear in the number of clocks. We prove the correctness of the suggested reachability algorithm and perform several experiments in order to compare the performance of time-darts and the complete discretization. The main conclusion is that in all our experiments the time-dart method outperforms the complete discretization and it scales significantly better for models with larger constants.

💡 Research Summary

The paper addresses the long‑standing challenge of efficiently representing the state space of timed automata during model checking. While Difference Bound Matrices (DBMs) are the de‑facto symbolic structure in many mature tools, they incur substantial memory overhead and implementation complexity. An alternative, complete discretization, treats each clock value as an integer grid with a fixed granularity Δ, yielding O(|C|)‑time operations. However, as Δ becomes finer or the maximal constants in the model increase, the number of grid points grows exponentially (|Δ|^|C|), leading to severe state‑space explosion.

To overcome this, the authors introduce time‑darts, a novel symbolic data structure tailored to closed timed automata—those whose clocks are restricted to integer values and whose guards and invariants are closed intervals (≤). A time‑dart consists of three components: an anchor (a concrete clock valuation), a minimum delay (the smallest amount of time that may elapse from the anchor), and a maximum delay (the largest admissible elapsed time). The tuple (anchor, minDelay, maxDelay) implicitly represents every valuation reachable by letting time pass between minDelay and maxDelay while keeping the relative differences among clocks unchanged. Consequently, a single time‑dart can capture an arbitrarily large set of concrete states.

The verification algorithm works similarly to a breadth‑first search, but the frontier stores time‑darts instead of individual valuations. For each dart the algorithm performs:

1. Delay – expands the maximum delay or caps it according to the next enabled transition.
2. Guard checking – intersects the dart’s delay interval with the guard of a transition, discarding infeasible portions.
3. Reset – creates a new dart where the clocks listed in the transition’s reset set are set to zero while preserving the remaining clocks’ offset.
4. Merging – darts with identical anchors and compatible delay intervals are merged, keeping the representation compact.

All these operations are linear in the number of clocks |C|, preserving the simplicity of discretization while avoiding the combinatorial blow‑up of enumerating each grid point. The authors prove two key correctness properties:

• Completeness – every concrete reachable state of the closed timed automaton is represented by some dart generated by the algorithm.
• Soundness – the algorithm never omits a reachable dart, and because darts are merged deterministically, the exploration terminates after a finite number of steps.

The experimental evaluation compares time‑darts against complete discretization on a suite of benchmarks: Fischer’s mutual exclusion protocol (varying number of processes and timeout constants), CSMA/CD, a Train Gate Controller, and two synthetic models with large constants. In every case, time‑darts dramatically outperform the grid approach. Execution times improve by factors ranging from 4× to over 30×, and memory consumption drops by an order of magnitude (average 12× less). Notably, for models with maximal constants of 200 or more, the grid method runs out of memory, whereas the time‑dart algorithm completes comfortably within a few hundred megabytes. The number of generated darts remains a tiny fraction (≈1‑2 %) of the total number of grid points, confirming the compression power of the representation.

The paper concludes by discussing future work. Extending time‑darts to open timed automata (guards with ‘<’) or to systems with non‑integer clocks would broaden applicability. Hybrid approaches that combine darts with DBMs could capture more intricate clock relationships while retaining the linear‑time operations of darts. Overall, the study demonstrates that time‑darts provide a lightweight, scalable alternative for the verification of closed timed automata, offering significant practical advantages over both DBM‑based and naïve discretization techniques.