Better abstractions for timed automata

We consider the reachability problem for timed automata. A standard solution to this problem involves computing a search tree whose nodes are abstractions of zones. These abstractions preserve underlying simulation relations on the state space of the automaton. For both effectiveness and efficiency reasons, they are parametrized by the maximal lower and upper bounds (LU-bounds) occurring in the guards of the automaton. We consider the aLU abstraction defined by Behrmann et al. Since this abstraction can potentially yield non-convex sets, it has not been used in implementations. We prove that aLU abstraction is the biggest abstraction with respect to LU-bounds that is sound and complete for reachability. We also provide an efficient technique to use the aLU abstraction to solve the reachability problem.

💡 Research Summary

The paper addresses the classic reachability problem for timed automata (TA), where the infinite state space induced by real‑valued clocks must be finitely approximated in order to decide whether a target state is reachable from the initial configuration. The standard approach uses zones—convex sets of clock valuations represented by Difference Bound Matrices (DBMs)—and abstracts them with operators that are parameterised by the maximal lower and upper bounds (LU‑bounds) appearing in the automaton’s guards.

Among the LU‑bound based abstractions, the aLU abstraction introduced by Behrmann et al. is theoretically attractive because it corresponds to the region closure of a zone and therefore captures precisely the set of regions intersecting the zone. However, aLU can produce non‑convex sets, which makes it unsuitable for implementations that rely on convex zone representations. Consequently, aLU has not been used in practice.

The authors make three major contributions. First, they prove that aLU is the coarsest abstraction that is both sound (no spurious reachable states are introduced) and complete (no genuine reachable states are lost) with respect to a given pair of LU‑bounds. In other words, any other LU‑bound based abstraction that is sound and complete must be at least as fine as aLU; thus aLU yields the smallest possible abstract transition system for those bounds.

Second, they devise an efficient inclusion test for aLU. The test decides, for two zones Z and Z′, whether Z′ is contained in aLU(Z). Although aLU may generate non‑convex unions of regions, the authors show that this containment can be checked by a purely quadratic‑time algorithm in the number of clocks, using only standard DBM operations. The algorithm essentially computes the region closure of Z, then checks whether Z′ lies inside that closure, without ever materialising the non‑convex set explicitly.

Third, they integrate the aLU abstraction into a forward exploration algorithm. The algorithm proceeds exactly as in traditional zone‑based analysis—applying delay, guard, and reset operations—but after each symbolic step it applies the aLU abstraction to the resulting zone. Because the inclusion test is cheap, the algorithm can maintain a single convex zone representation for each abstract node while still implicitly representing the full non‑convex aLU image. This yields a transition system that is at most as large as any other LU‑bound based abstraction, while keeping the per‑step computational cost identical to standard zone methods.

The paper also provides a detailed comparison with two previously known non‑convex abstractions: Extra+LU (used in the UPP‑AAL tool) and its region‑closed variant Closure+LU. Figure 1 illustrates that aLU is strictly coarser than Extra+LU and strictly finer than Closure+LU, while its inclusion test is simpler than that of Closure+LU. Consequently, the aLU‑based algorithm can produce smaller abstract graphs without incurring additional overhead.

The structure of the paper is as follows. Section 2 introduces timed automata, zones, and the formal notion of sound and complete abstractions parameterised by LU‑bounds. Section 3 defines the aLU abstraction and proves its optimality (coarseness) among all LU‑bound abstractions. Section 4 shows that aLU coincides with the abstract operator absLU introduced earlier, establishing the theoretical foundation for its use. Section 5 presents the quadratic‑time inclusion test and proves its correctness. Section 6 outlines the forward exploration algorithm that combines standard zone operations with the aLU abstraction, and discusses implementation considerations. The paper concludes with remarks on the practical impact of enabling non‑convex abstractions in existing verification tools and suggests directions for future work, such as extending the technique to priced or weighted timed automata.

Overall, the work bridges the gap between the elegant theoretical properties of aLU and the practical requirements of zone‑based model checking, demonstrating that non‑convex abstractions can be handled efficiently and can lead to strictly smaller abstract models for timed‑automata reachability.