Model Checking One-clock Priced Timed Automata

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

We consider the model of priced (a.k.a. weighted) timed automata, an extension of timed automata with cost information on both locations and transitions, and we study various model-checking problems for that model based on extensions of classical temporal logics with cost constraints on modalities. We prove that, under the assumption that the model has only one clock, model-checking this class of models against the logic WCTL, CTL with cost-constrained modalities, is PSPACE-complete (while it has been shown undecidable as soon as the model has three clocks). We also prove that model-checking WMTL, LTL with cost-constrained modalities, is decidable only if there is a single clock in the model and a single stopwatch cost variable (i.e., whose slopes lie in {0,1}).


💡 Research Summary

The paper investigates model‑checking problems for priced (or weighted) timed automata (PTA), an extension of classical timed automata where both locations and transitions carry cost information. The authors focus on two temporal logics enriched with cost constraints: WCTL, a cost‑constrained version of CTL, and WMTL, a cost‑constrained version of LTL. Their main contributions are precise complexity and decidability results for these logics when the underlying PTA is restricted to a single clock.

First, the authors formalize PTAs, emphasizing that cost variables act as observers: they accumulate values along runs but never influence the admissibility of moves. A PTA is defined as a tuple \((Q,q_0,X,T,\eta,\{cost_i\}_{i=1}^p)\) where \(X\) is the set of clocks (here a singleton), \(T\) the transition relation, \(\eta\) the invariant map, and each \(cost_i\) assigns a non‑negative integer to locations and edges. Costs can have slopes (rates) drawn from a set \(S\); a “stopwatch” cost has slopes in \(\{0,1\}\).

WCTL extends CTL by allowing modalities of the form \(E\,\varphi\,U_{cost\sim c}\,\psi\) and \(A\,\varphi\,U_{cost\sim c}\,\psi\), where the accumulated cost along a path up to the first state satisfying \(\psi\) must satisfy the comparison \(\sim c\). The semantics are defined over infinite runs of the PTA, with the cost of a finite prefix computed as the sum of discrete and delay contributions.

The central technical result for WCTL is Theorem 2.3: model‑checking WCTL on a one‑clock PTA is PSPACE‑complete. The lower bound follows by reduction from TCTL model‑checking on one‑clock timed automata, which is PSPACE‑hard. The upper bound is obtained in two steps. The authors first construct a sufficient granularity of the state space: for any WCTL formula \(\Phi\) they define a finite set of constants \(a_0<a_1<\dots<a_n\) (including all clock constants, multiples of \(1/C^{\sim(\Phi)}\) where \(C\) is the least common multiple of all positive location costs and \(\sim(\Phi)\) is the nesting depth of constrained modalities). Within each open interval \((a_i,a_{i+1})\) the truth of \(\Phi\) is uniform. This refined region partition is finer than the classic region construction for timed automata, because it must respect cost thresholds as well as clock constraints. Using these regions, the authors build a finite abstract graph whose nodes are pairs \((q,(a_i,a_{i+1}))\). The WCTL formula can then be evaluated on this graph by a standard CTL model‑checking algorithm. Although the naïve construction yields an EXPTIME procedure, careful on‑the‑fly region generation and symbolic representation reduce the space consumption to PSPACE, matching the lower bound.
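The granularity construction described above can be made concrete. The following Python sketch is an added example, not code from the paper or its authors: the formula encoding, function names, location rates and clock bound are all constructed for illustration. It computes the constants \(a_0<\dots<a_n\) and enumerates the nodes of the abstract graph for a repair-style model.

```python
from fractions import Fraction
from math import lcm

# Formula AST, constructed for this example:
#   ("ap", name) | ("not", f) | ("and", f, g)
#   ("EU"|"AU", f, g, op, c)   cost-constrained until, e.g. E f U_{cost<=c} g

def constrained_depth(phi):
    """Nesting depth of cost-constrained modalities in phi."""
    tag = phi[0]
    if tag == "ap":
        return 0
    if tag == "not":
        return constrained_depth(phi[1])
    if tag == "and":
        return max(constrained_depth(phi[1]), constrained_depth(phi[2]))
    if tag in ("EU", "AU"):
        return 1 + max(constrained_depth(phi[1]), constrained_depth(phi[2]))
    raise ValueError(f"unknown operator: {tag}")

def granularity(rates, phi):
    """1 / C^depth, with C the lcm of the positive location costs."""
    C = lcm(*[r for r in rates.values() if r > 0])  # lcm() of nothing is 1
    return Fraction(1, C ** constrained_depth(phi))

def partition_points(rates, max_const, phi):
    """Constants a_0 < ... < a_n: multiples of the granularity in [0, max_const]."""
    step = granularity(rates, phi)
    return [i * step for i in range(int(max_const / step) + 1)]

def abstract_nodes(rates, max_const, phi):
    """Pairs (location, region). Assumption of this sketch: each point a_i and
    the unbounded tail (a_n, inf) are regions too, as in the usual construction."""
    pts = partition_points(rates, max_const, phi)
    regions = [("point", a) for a in pts]
    regions += [("open", a, b) for a, b in zip(pts, pts[1:])]
    regions.append(("open", pts[-1], None))
    return [(q, r) for q in rates for r in regions]

# Constructed model: location cost rates and largest clock constant.
RATES = {"ok": 0, "cheap_repair": 2, "expensive_repair": 3}
MAX_CONST = 2
REPAIR = ("EU", ("ap", "problem"), ("ap", "ok"), "<=", 47)
NESTED = ("AU", ("ap", "ok"), REPAIR, "<=", 100)

if __name__ == "__main__":
    for name, phi in (("REPAIR", REPAIR), ("NESTED", NESTED)):
        print(name, granularity(RATES, phi), len(abstract_nodes(RATES, MAX_CONST, phi)))
```

Each extra level of nesting multiplies the number of regions by \(C\), which is the exponential growth that makes the explicitly built graph too large and motivates on-the-fly generation.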

For the linear‑time counterpart, the paper introduces WMTL, which augments LTL with cost‑bounded “until” operators. The authors prove that WMTL model‑checking is decidable iff the PTA has exactly one clock and exactly one cost variable that is a stopwatch (i.e., its rate is either 0 or 1). Under these restrictions, the cost behaves like an additional clock, and the authors can reuse the region construction for a single clock to obtain a finite‑state product with the Büchi automaton representing the negation of the WMTL formula. The emptiness of this product can be decided using standard techniques, yielding decidability. Conversely, they show that relaxing either restriction (adding a second clock or allowing a cost with a slope other than 0/1) leads to undecidability, by encoding a two‑counter Minsky machine or a post‑correspondence problem into the cost constraints.

The paper also discusses related work, emphasizing that model‑checking priced timed automata with three or more clocks is already undecidable (as shown in earlier work). The single‑clock restriction thus dramatically improves the algorithmic landscape, mirroring known results for pure timed automata where reachability drops from PSPACE‑complete to NLOGSPACE‑complete.

Beyond the theoretical contributions, the authors illustrate the practical relevance with a running example: a repair system where problems occur periodically, and the cost of repair depends on the chosen repair strategy (cheap vs. expensive). They express properties such as “whenever a problem occurs, it can be repaired with total cost ≤ 47” using WCTL, and show how the model‑checking algorithm can verify such statements.

In summary, the paper establishes a clear boundary for the decidability and complexity of cost‑constrained temporal logics over priced timed automata:

  • WCTL model‑checking on one‑clock PTAs is PSPACE‑complete.
  • WMTL model‑checking is decidable only for one‑clock PTAs with a single stopwatch cost; otherwise it is undecidable.

The results are obtained by refining the region abstraction to capture cost thresholds, and by carefully translating the logics into finite‑state verification problems. These findings open the way for practical verification tools that can handle both timing and quantitative resource constraints in real‑time systems.
