Real-time Model Checking Timed Temporal Logics Nicolas M ARKEY - PowerPoint PPT Presentation

Timed words vs. timed state sequences Example x ≤ 2 y > 0 a , b , y := 0 x := 0 y ≤ 2 c , x := 0 x ≥ 2 a , y := 0 continuous semantics x = 0 y = 0 pointwise semantics

Timed words vs. timed state sequences Example x ≤ 2 y > 0 a , b , y := 0 x := 0 y ≤ 2 c , x := 0 x ≥ 2 a , y := 0 continuous semantics x = 1 . 5 y = 0 pointwise semantics a 1 . 5

Timed words vs. timed state sequences Example x ≤ 2 y > 0 a , b , y := 0 x := 0 y ≤ 2 c , x := 0 x ≥ 2 a , y := 0 continuous semantics x = 0 y = 1 . 3 pointwise semantics a b 1 . 5 2 . 8

Timed words vs. timed state sequences Example x ≤ 2 y > 0 a , b , y := 0 x := 0 y ≤ 2 c , x := 0 x ≥ 2 a , y := 0 continuous semantics x = 2 . 6 y = 0 pointwise semantics a b a 1 . 5 2 . 8 5 . 4

Timed words vs. timed state sequences Example x ≤ 2 y > 0 a , b , y := 0 x := 0 y ≤ 2 c , x := 0 x ≥ 2 a , y := 0 continuous semantics x = 0 y = 1 . 3 pointwise semantics a b a c 1 . 5 2 . 8 5 . 4 6 . 7

Timed logics in the pointwise framework Definition MTL ∋ ϕ ::= | ¬ ϕ | ϕ ∨ ϕ | ϕ U I ϕ where ranges over { , , ... } and I is an interval with bounds in Q + ∪ { + ∞} .

Timed logics in the pointwise framework Definition Pointwise semantics of MTL: over π = ( w i , t i ) i with t 0 = 0: π, i | = ϕ U I ψ iff there exists some j > 0 s.t. – π, i + j | = ψ , – π, i + k | = ϕ for all 0 < k < j , – t i + j − t i ∈ I .

Timed logics in the pointwise framework Definition Pointwise semantics of MTL: over π = ( w i , t i ) i with t 0 = 0: π, i | = ϕ U I ψ iff there exists some j > 0 s.t. – π, i + j | = ψ , – π, i + k | = ϕ for all 0 < k < j , – t i + j − t i ∈ I . Example a U [ 2 , 3 ] c 0 1 2 ( init , 0 ) ( a , 0 . 6 ) ( a , 1 . 2 ) ( c , 2 . 1 )

Timed logics in the pointwise framework Definition Pointwise semantics of MTL: over π = ( w i , t i ) i with t 0 = 0: π, i | = ϕ U I ψ iff there exists some j > 0 s.t. – π, i + j | = ψ , – π, i + k | = ϕ for all 0 < k < j , – t i + j − t i ∈ I . Example F ( b ∧ ⊥ U [ 1 , 1 ] a ) 0 1 2 ( init , 0 ) ( b , 0 . 8 ) ( b , 1 . 3 ) ( a , 2 . 3 )

Timed logics in the pointwise framework Definition Pointwise semantics of MTL: over π = ( w i , t i ) i with t 0 = 0: π, i | = ϕ U I ψ iff there exists some j > 0 s.t. – π, i + j | = ψ , – π, i + k | = ϕ for all 0 < k < j , – t i + j − t i ∈ I . Example F [ 2 , 2 ] c 0 1 2 ( init , 0 ) ( b , 0 . 9 ) ( c , 2 )

Timed logics in the pointwise framework Definition Pointwise semantics of MTL: over π = ( w i , t i ) i with t 0 = 0: π, i | = ϕ U I ψ iff there exists some j > 0 s.t. – π, i + j | = ψ , – π, i + k | = ϕ for all 0 < k < j , – t i + j − t i ∈ I . Example def F [ 2 , 2 ] c = F = 2 c 0 1 2 ( init , 0 ) ( b , 0 . 9 ) ( c , 2 )

Timed logics in the pointwise framework Definition Pointwise semantics of MTL: over π = ( w i , t i ) i with t 0 = 0: π, i | = ϕ U I ψ iff there exists some j > 0 s.t. – π, i + j | = ψ , – π, i + k | = ϕ for all 0 < k < j , – t i + j − t i ∈ I . Example F [ 2 , 2 ] c �≡ F = 1 F = 1 c 0 1 2 ( init , 0 ) ( b , 0 . 9 ) ( c , 2 )

Timed logics in the pointwise framework Definition TPTL ∋ ϕ ::= | x ∼ c | ¬ ϕ | ϕ ∨ ϕ | ϕ U ϕ | x . ϕ where ranges over { , , ... } , x ranges over a set of formula clocks, c ∈ Q + and ∼ ∈ { <, ≤ , = , ≥ , > } .

Timed logics in the pointwise framework Definition Pointwise semantics of TPTL: over π = ( w i , t i ) i with t 0 = 0, under some clock valuation τ : : π, i , τ | = x ∼ c iff τ ( x ) ∼ c

Timed logics in the pointwise framework Definition Pointwise semantics of TPTL: over π = ( w i , t i ) i with t 0 = 0, under some clock valuation τ : : π, i , τ | = x ∼ c iff τ ( x ) ∼ c π, i , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ

Timed logics in the pointwise framework Definition Pointwise semantics of TPTL: over π = ( w i , t i ) i with t 0 = 0, under some clock valuation τ : : π, i , τ | = x ∼ c iff τ ( x ) ∼ c π, i , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ π, i , τ | = ϕ U ψ iff there exists some j > 0 s.t. – π, i + j , τ + t i + j − t i | = ψ , – π, i + k , τ + t i + k − t i | = ϕ for all 0 < k < j .

Timed logics in the pointwise framework Definition Pointwise semantics of TPTL: over π = ( w i , t i ) i with t 0 = 0, under some clock valuation τ : : π, i , τ | = x ∼ c iff τ ( x ) ∼ c π, i , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ π, i , τ | = ϕ U ψ iff there exists some j > 0 s.t. – π, i + j , τ + t i + j − t i | = ψ , – π, i + k , τ + t i + k − t i | = ϕ for all 0 < k < j . Example x . ( a U ( c ∧ x ∈ [ 2 , 3 ])) 0 1 2 ( init , 0 ) ( a , 0 . 6 ) ( a , 1 . 2 ) ( c , 2 . 1 )

Timed logics in the pointwise framework Definition Pointwise semantics of TPTL: over π = ( w i , t i ) i with t 0 = 0, under some clock valuation τ : : π, i , τ | = x ∼ c iff τ ( x ) ∼ c π, i , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ π, i , τ | = ϕ U ψ iff there exists some j > 0 s.t. – π, i + j , τ + t i + j − t i | = ψ , – π, i + k , τ + t i + k − t i | = ϕ for all 0 < k < j . Example F ( b ∧ x . ( ⊥ U ( a ∧ x = 1 ))) 0 1 2 ( init , 0 ) ( a , 0 . 6 ) ( b , 1 . 1 ) ( a , 2 . 1 )

Timed logics in the pointwise framework Definition Pointwise semantics of TPTL: over π = ( w i , t i ) i with t 0 = 0, under some clock valuation τ : : π, i , τ | = x ∼ c iff τ ( x ) ∼ c π, i , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ π, i , τ | = ϕ U ψ iff there exists some j > 0 s.t. – π, i + j , τ + t i + j − t i | = ψ , – π, i + k , τ + t i + k − t i | = ϕ for all 0 < k < j . Example x . F ( a ∧ F ( b ∧ x ≤ 1 )) 0 1 2 ( init , 0 ) ( a , 0 . 5 ) ( b , 0 . 9 ) ( c , 2 )

Timed logics in the continuous framework Definition Continuous semantics of MTL: over π : R + → { , , ... } : π, t | = ϕ U I ψ iff there exists some u > 0 s.t. – π, t + u | = ψ , – π, t + v | = ϕ for all 0 < v < u , – u ∈ I .

Timed logics in the continuous framework Definition Continuous semantics of MTL: over π : R + → { , , ... } : π, t | = ϕ U I ψ iff there exists some u > 0 s.t. – π, t + u | = ψ , – π, t + v | = ϕ for all 0 < v < u , – u ∈ I . π, t | = p iff p ∈ π ( t )

Timed logics in the continuous framework Definition Continuous semantics of MTL: over π : R + → { , , ... } : π, t | = ϕ U I ψ iff there exists some u > 0 s.t. – π, t + u | = ψ , – π, t + v | = ϕ for all 0 < v < u , – u ∈ I . π, t | = p iff p ∈ π ( t ) Example 0 1 2 ( ∨ ) U ≤ 2

Timed logics in the continuous framework Definition Continuous semantics of MTL: over π : R + → { , , ... } : π, t | = ϕ U I ψ iff there exists some u > 0 s.t. – π, t + u | = ψ , – π, t + v | = ϕ for all 0 < v < u , – u ∈ I . π, t | = p iff p ∈ π ( t ) Example 0 1 2 F = 2

Timed logics in the continuous framework Definition Continuous semantics of MTL: over π : R + → { , , ... } : π, t | = ϕ U I ψ iff there exists some u > 0 s.t. – π, t + u | = ψ , – π, t + v | = ϕ for all 0 < v < u , – u ∈ I . π, t | = p iff p ∈ π ( t ) Example 0 1 2 ≡ F = 1 ( F = 1 ) F = 2

Timed logics in the continuous framework Definition Continuous semantics of TPTL: over π : R + → { , , ... } : π, t , τ | = x ∼ c iff τ ( x ) ∼ c

Timed logics in the continuous framework Definition Continuous semantics of TPTL: over π : R + → { , , ... } : π, t , τ | = x ∼ c iff τ ( x ) ∼ c π, t , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ

Timed logics in the continuous framework Definition Continuous semantics of TPTL: over π : R + → { , , ... } : π, t , τ | = x ∼ c iff τ ( x ) ∼ c π, t , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ π, t , τ | = ϕ U ψ iff there exists some u > 0 s.t. – π, t + u , τ + u − t | = ψ , – π, i + k , τ + v − t | = ϕ for all 0 < v < u .

Timed logics in the continuous framework Definition Continuous semantics of TPTL: over π : R + → { , , ... } : π, t , τ | = x ∼ c iff τ ( x ) ∼ c π, t , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ π, t , τ | = ϕ U ψ iff there exists some u > 0 s.t. – π, t + u , τ + u − t | = ψ , – π, i + k , τ + v − t | = ϕ for all 0 < v < u . Example 0 1 2 x . (( ∨ ) U ( ∧ x ≤ 2 )

Timed logics in the continuous framework Definition Continuous semantics of TPTL: over π : R + → { , , ... } : π, t , τ | = x ∼ c iff τ ( x ) ∼ c π, t , τ | = x . ϕ iff π, i , τ [ x ← 0 ] | = ϕ π, t , τ | = ϕ U ψ iff there exists some u > 0 s.t. – π, t + u , τ + u − t | = ψ , – π, i + k , τ + v − t | = ϕ for all 0 < v < u . Example 0 1 2 x . F ( ∧ F ( ∧ x ≤ 2 ))

Relative expressiveness of TPTL and MTL Lemma MTL can be translated into TPTL. Proof. ϕ U I ψ ≡ x . ϕ U ( ψ ∧ x ∈ I ) .

Relative expressiveness of TPTL and MTL Lemma MTL can be translated into TPTL. Proof. ϕ U I ψ ≡ x . ϕ U ( ψ ∧ x ∈ I ) . Conversely, consider the following TPTL formula: � � . G ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) It characterizes the following pattern: 0 1 2 green red blue

Relative expressiveness of TPTL and MTL � � . G ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) 0 1 2 green          G ⇒        

Relative expressiveness of TPTL and MTL � � . G ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) 0 1 2 green red blue  F [ 0 , 1 ] ∧ F [ 1 , 2 ]         G ⇒        

Relative expressiveness of TPTL and MTL � � . G ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) 0 1 2 green red blue  F [ 0 , 1 ] ∧ F [ 1 , 2 ]     ∨     G ⇒ F [ 0 , 1 ] ( ∧ F [ 0 , 1 ] )        

Relative expressiveness of TPTL and MTL � � . G ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) 0 1 2 green red blue  F [ 0 , 1 ] ∧ F [ 1 , 2 ]     ∨     G ⇒ F [ 0 , 1 ] ( ∧ F [ 0 , 1 ] )        

Relative expressiveness of TPTL and MTL � � . G ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) 0 1 2 green red blue = 1  F [ 0 , 1 ] ∧ F [ 1 , 2 ]     ∨     G ⇒ F [ 0 , 1 ] ( ∧ F [ 0 , 1 ] )  ∨       F [ 0 , 1 ] ( F ( 0 , 1 ) ∧ F = 1 ) 

Relative expressiveness of TPTL and MTL � � . G ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) 0 1 2 green red blue = 1  F [ 0 , 1 ] ∧ F [ 1 , 2 ]     ∨     G ⇒ F [ 0 , 1 ] ( ∧ F [ 0 , 1 ] )  ∨       F [ 0 , 1 ] ( F ( 0 , 1 ) ∧ F = 1 )  Remark This translation is only valid in the continuous semantics

Relative expressiveness of TPTL and MTL Theorem TPTL is strictly more expressive than MTL. Refs: [1] Bouyer, Chevalier, M. On the Expressiveness of TPTL and MTL (2005).

Relative expressiveness of TPTL and MTL Theorem TPTL is strictly more expressive than MTL. Proof. In the pointwise semantics: G � ⇒ x . F ( ∧ F ( ∧ x ≤ 2 )) � cannot be expressed in MTL. In both semantics: ϕ = x . F ( ∧ x ≤ 1 ∧ G ( x ≤ 1 ⇒ ¬ )) cannot be expressed in MTL. Refs: [1] Bouyer, Chevalier, M. On the Expressiveness of TPTL and MTL (2005).

Outline of the talk Introduction 1 Extending temporal logics with real-time constraints 2 Continuous and pointwise semantics Expressiveness issues Model checking timed linear-time logics 3 Undecidability of MTL and TPTL Decidable fragments Model checking timed branching-time logics 4 Conclusions and open problems 5

MTL model-checking Theorem MTL model-checking and satisfiability are undecidable under the continuous semantics. Refs: [1] Alur, Henzinger. Real-time logics: Complexity and expressiveness (1990).

MTL model-checking Theorem MTL model-checking and satisfiability are undecidable under the continuous semantics. Proof. Encode the halting problem of a Turing machine: One time-unit = one configuration of the Turing machine Refs: [1] Alur, Henzinger. Real-time logics: Complexity and expressiveness (1990).

MTL model-checking Theorem MTL model-checking and satisfiability are undecidable under the continuous semantics. Proof. Encode the halting problem of a Turing machine: One time-unit = one configuration of the Turing machine n + 1 n + 2 n 0 0 1 1 0 0 0 1 0 0 tape head tape head Refs: [1] Alur, Henzinger. Real-time logics: Complexity and expressiveness (1990).

MTL model-checking Theorem MTL model-checking and satisfiability are undecidable under the continuous semantics. Proof. Encode the halting problem of a Turing machine: One time-unit = one configuration of the Turing machine n + 1 n + 2 n = 1 = 1 Refs: [1] Alur, Henzinger. Real-time logics: Complexity and expressiveness (1990).

MTL model-checking Theorem MTL model-checking and satisfiability are undecidable under the continuous semantics. Proof. Encode the halting problem of a Turing machine: One time-unit = one configuration of the Turing machine n + 1 n + 2 n = 1 = 1 G [( ∧ ¬ ( U ) ∧ ¬ (( ¬ ∧ ¬ ) U )) ⇔ F = 1 ] ∧ ... Refs: [1] Alur, Henzinger. Real-time logics: Complexity and expressiveness (1990).

MTL model-checking Remark This reduction requires continuous semantics, or the use of past-time modalities: n + 1 n + 2 n Refs: [1] Ouaknine, Worrell. On the decidability of Metric Temporal Logic (2005). [2] Ouaknine, Worrell. On Metric Temporal Logic and faulty Turing machines (2006).

MTL model-checking Remark This reduction requires continuous semantics, or the use of past-time modalities: n + 1 n + 2 n = 1 = 1 Refs: [1] Ouaknine, Worrell. On the decidability of Metric Temporal Logic (2005). [2] Ouaknine, Worrell. On Metric Temporal Logic and faulty Turing machines (2006).

MTL model-checking Remark This reduction requires continuous semantics, or the use of past-time modalities: n + 1 n + 2 n = 1 “insertion errors” = 1 Refs: [1] Ouaknine, Worrell. On the decidability of Metric Temporal Logic (2005). [2] Ouaknine, Worrell. On Metric Temporal Logic and faulty Turing machines (2006).

MTL model-checking Remark This reduction requires continuous semantics, or the use of past-time modalities: n + 1 n + 2 n = 1 “insertion errors” = 1 Theorem Under pointwise semantics, MTL model-checking and satisfiability are undecidable over infinite timed words; are decidable (with non-primitive recursive complexity) over finite timed words. Refs: [1] Ouaknine, Worrell. On the decidability of Metric Temporal Logic (2005). [2] Ouaknine, Worrell. On Metric Temporal Logic and faulty Turing machines (2006).

Metric Interval Temporal Logic Definition MITL is the fragment of MTL where punctuality is not allowed: MITL ∋ ϕ ::= | ¬ ϕ | ϕ ∨ ϕ | ϕ U I ϕ where ranges over { , , ... } and I is a non-punctual interval with bounds in Q + ∪ { + ∞} . Refs: [1] Alur, Feder, Henzinger. The benefits of relaxing punctuality (1991).

Metric Interval Temporal Logic Definition MITL is the fragment of MTL where punctuality is not allowed: MITL ∋ ϕ ::= | ¬ ϕ | ϕ ∨ ϕ | ϕ U I ϕ where ranges over { , , ... } and I is a non-punctual interval with bounds in Q + ∪ { + ∞} . Example G ( ⇒ F [ 1 , 2 ] ) is an MITL formula; G ( ⇒ F = 1 ) is not. Refs: [1] Alur, Feder, Henzinger. The benefits of relaxing punctuality (1991).

Metric Interval Temporal Logic Definition MITL is the fragment of MTL where punctuality is not allowed: MITL ∋ ϕ ::= | ¬ ϕ | ϕ ∨ ϕ | ϕ U I ϕ where ranges over { , , ... } and I is a non-punctual interval with bounds in Q + ∪ { + ∞} . Example G ( ⇒ F [ 1 , 2 ] ) is an MITL formula; G ( ⇒ F = 1 ) is not. Theorem MITL model checking and satisfiability are EXPSPACE-complete. Refs: [1] Alur, Feder, Henzinger. The benefits of relaxing punctuality (1991).

(Co)Flat MTL Definition CoFlatMTL is the fragment of MTL defined as: CoFlatMTL ∋ ϕ ::= | ¬ | ϕ ∨ ϕ | ϕ ∧ ϕ | ϕ U I ϕ | ϕ U J ψ | ϕ R I ϕ | ψ R J ϕ where ranges over { , ... } , , I ranges over bounded intervals with bounds in Q , J ranges over intervals with bounds in Q ∪ { + ∞} , and ψ ranges over MITL. Refs: [1] Bouyer, M., Ouaknine, Worrell. The Cost of Punctuality (2007).

(Co)Flat MTL Definition CoFlatMTL is the fragment of MTL defined as: CoFlatMTL ∋ ϕ ::= | ¬ | ϕ ∨ ϕ | ϕ ∧ ϕ | ϕ U I ϕ | ϕ U J ψ | ϕ R I ϕ | ψ R J ϕ Remark CoFlatMTL is not closed under negation. Refs: [1] Bouyer, M., Ouaknine, Worrell. The Cost of Punctuality (2007).

(Co)Flat MTL Definition CoFlatMTL is the fragment of MTL defined as: CoFlatMTL ∋ ϕ ::= | ¬ | ϕ ∨ ϕ | ϕ ∧ ϕ | ϕ U I ϕ | ϕ U J ψ | ϕ R I ϕ | ψ R J ϕ Remark CoFlatMTL is not closed under negation. Example G ( ⇒ F = 1 ) is in CoFlatMTL. F ( ∧ G = 1 ) is in FlatMTL, but not in CoFlatMTL. Refs: [1] Bouyer, M., Ouaknine, Worrell. The Cost of Punctuality (2007).

(Co)Flat MTL Definition CoFlatMTL is the fragment of MTL defined as: CoFlatMTL ∋ ϕ ::= | ¬ | ϕ ∨ ϕ | ϕ ∧ ϕ | ϕ U I ϕ | ϕ U J ψ | ϕ R I ϕ | ψ R J ϕ Remark CoFlatMTL is not closed under negation. Theorem CoFlatMTL model-checking is EXPSPACE-complete. CoFlatMTL satisfiability is undecidable. Refs: [1] Bouyer, M., Ouaknine, Worrell. The Cost of Punctuality (2007).

Outline of the talk Introduction 1 Extending temporal logics with real-time constraints 2 Continuous and pointwise semantics Expressiveness issues Model checking timed linear-time logics 3 Undecidability of MTL and TPTL Decidable fragments Model checking timed branching-time logics 4 Conclusions and open problems 5

Branching-time logics with timing constraints – syntax Definition TCTL ∋ ϕ ::= | ¬ ϕ | ϕ ∧ ϕ | E ϕ U ∼ c ϕ | A ϕ U ∼ c ϕ where ∈ { , ... } , ∼ ∈ {≤ , <, = , >, ≥} and c ∈ N . , , Refs: [1] Alur, Courcoubetis, Dill. Model-Checking in Dense Real-Time (1993).

Branching-time logics with timing constraints – syntax Definition TCTL ∋ ϕ ::= | ¬ ϕ | ϕ ∧ ϕ | E ϕ U ∼ c ϕ | A ϕ U ∼ c ϕ where ∈ { , ... } , ∼ ∈ {≤ , <, = , >, ≥} and c ∈ N . , , Example A G ( ⇒ E F ≤ 5 ) Refs: [1] Alur, Courcoubetis, Dill. Model-Checking in Dense Real-Time (1993).

Branching-time logics with timing constraints – syntax Definition TCTL ∋ ϕ ::= | ¬ ϕ | ϕ ∧ ϕ | E ϕ U ∼ c ϕ | A ϕ U ∼ c ϕ where ∈ { , ... } , ∼ ∈ {≤ , <, = , >, ≥} and c ∈ N . , , Example A G ( ⇒ E F ≤ 5 ) A F ( A G ≤ 5 ) Refs: [1] Alur, Courcoubetis, Dill. Model-Checking in Dense Real-Time (1993).

Branching-time logics with timing constraints – semantics Definition The semantics of TCTL is defined as follows: let be a location and v be a clock valuation. , v | = E ( ) iff there is a run from ( , v ) such U ∼ c that v v’ ∼ c , v | = A ( U ∼ c ) is defined similarly.

Branching-time logics with timing constraints – semantics Definition The semantics of TCTL is defined as follows: let be a location and v be a clock valuation. , v | = E ( ) iff there is a run from ( , v ) such U ∼ c that v v’ ∼ c , v | = A ( U ∼ c ) is defined similarly. Remark We could also define a pointwise semantics: delay = c ′ delay = c action v v + c v ′ v ′ + c ′

Branching-time logics with timing constraints – semantics Example x ≤ 2 � � x = 1 . 2 , | = E U ≥ 1 y := 0 y = 0 . 4 y ≤ 2 x ≥ 3 y ≤ 2 , x := 0 � � x = 1 . 2 , | = A G ¬ y = 0 . 4 x ≤ 3 , y := 0

Branching-time logics with timing constraints – semantics Example x ≤ 2 � � x = 1 . 2 , | = E U ≥ 1 y := 0 y = 0 . 4 y ≤ 2 x ≥ 3 y ≤ 2 , x := 0 � � x = 1 . 2 , | = A G ¬ y = 0 . 4 x ≤ 3 , y := 0 x = 0 � ? � x = 0 | = E ( E F = 1 ) U = 3 , y = 0 y = 3 x = 1 x := 0

TCTL model checking Lemma Let be a location and ϕ be a TCTL formula. For any two valuations v and v ′ that belong to the same region, , v ′ | , v | = ϕ ⇔ = ϕ. Refs: [1] Alur, Courcoubetis, Dill. Model-Checking in Dense Real-Time (1993).

TCTL model checking Lemma Let be a location and ϕ be a TCTL formula. For any two valuations v and v ′ that belong to the same region, , v ′ | , v | = ϕ ⇔ = ϕ. Proof. By induction on ϕ . Refs: [1] Alur, Courcoubetis, Dill. Model-Checking in Dense Real-Time (1993).

TCTL model checking Lemma Let be a location and ϕ be a TCTL formula. For any two valuations v and v ′ that belong to the same region, , v ′ | , v | = ϕ ⇔ = ϕ. Proof. By induction on ϕ . Theorem TCTL model-checking is PSPACE-complete. Refs: [1] Alur, Courcoubetis, Dill. Model-Checking in Dense Real-Time (1993).

TCTL model checking Lemma Let be a location and ϕ be a TCTL formula. For any two valuations v and v ′ that belong to the same region, , v ′ | , v | = ϕ ⇔ = ϕ. Proof. By induction on ϕ . Theorem TCTL model-checking is PSPACE-complete. Proof. Space-efficient CTL labelling algorithm on the region graph. Refs: [1] Alur, Courcoubetis, Dill. Model-Checking in Dense Real-Time (1993).

Outline of the talk Introduction 1 Extending temporal logics with real-time constraints 2 Continuous and pointwise semantics Expressiveness issues Model checking timed linear-time logics 3 Undecidability of MTL and TPTL Decidable fragments Model checking timed branching-time logics 4 Conclusions and open problems 5

Conclusions and perspectives Real-time temporal logics have been much studied:

Conclusions and perspectives Real-time temporal logics have been much studied: linear-time: natural extensions of LTL are undecidable; several restrictions lead to decidability; however, model-checking linear-time logics is hard; no implementation exists.