Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Hyper parametric timed CTL

Masaki Waga, Étienne André

TL;DR

This work introduces HyperPTCTL, a parametric timed hyperlogic for reasoning about multiple execution traces, and its nest-free fragment extended with COUNT and LAST predicates to capture action counts and last-occurrence timing. The authors develop semi-algorithms that reduce Nest-Free Ext-HyperPTCTL model checking and synthesis to Ext-PTCTL via self-composition and observers, enabling existing PTCTL techniques to be reused. They identify decidable subclasses depending on parameter placement (in the property vs in the model) and demonstrate practical feasibility with an implementation (HyPTCTLchecker) built atop IMITATOR, showing favorable results on moderate-size PTAs and properties. The approach supports encoding opacity, (un)fairness, and robust observational nondeterminism in a timed-parametric setting, and experiments indicate the method’s practical relevance, while highlighting areas for further decidable boundaries and optimization. Overall, this work extends hyperlogics into the timed-parametric domain and provides tractable pathways for model checking and synthesis in many useful cases, with a functioning toolchain and empirical validation.

Abstract

Hyperproperties enable simultaneous reasoning about multiple execution traces of a system and are useful to reason about non-interference, opacity, robustness, fairness, observational determinism, etc. We introduce hyper parametric timed computation tree logic (HyperPTCTL), extending hyperlogics with timing reasoning and, notably, parameters to express unknown values. We mainly consider its nest-free fragment, where temporal operators cannot be nested. However, we allow extensions that enable counting actions and comparing the duration since the most recent occurrence of specific actions. We show that our nest-free fragment with this extension is sufficiently expressive to encode properties, e.g., opacity, (un)fairness, or robust observational (non-)determinism. We propose semi-algorithms for model checking and synthesis of parametric timed automata (an extension of timed automata with timing parameters) against this nest-free fragment with the extension via reduction to PTCTL model checking and synthesis. While the general model checking (and thus synthesis) problem is undecidable, we show that a large part of our extended (yet nest-free) fragment is decidable, provided the parameters only appear in the property, not in the model. We also exhibit additional decidable fragments where parameters within the model are allowed. We implemented our semi-algorithms on top of the IMITATOR model checker, and performed experiments. Our implementation supports most of the nest-free fragments (beyond the decidable classes). The experimental results highlight our method's practical relevance.

Hyper parametric timed CTL

TL;DR

This work introduces HyperPTCTL, a parametric timed hyperlogic for reasoning about multiple execution traces, and its nest-free fragment extended with COUNT and LAST predicates to capture action counts and last-occurrence timing. The authors develop semi-algorithms that reduce Nest-Free Ext-HyperPTCTL model checking and synthesis to Ext-PTCTL via self-composition and observers, enabling existing PTCTL techniques to be reused. They identify decidable subclasses depending on parameter placement (in the property vs in the model) and demonstrate practical feasibility with an implementation (HyPTCTLchecker) built atop IMITATOR, showing favorable results on moderate-size PTAs and properties. The approach supports encoding opacity, (un)fairness, and robust observational nondeterminism in a timed-parametric setting, and experiments indicate the method’s practical relevance, while highlighting areas for further decidable boundaries and optimization. Overall, this work extends hyperlogics into the timed-parametric domain and provides tractable pathways for model checking and synthesis in many useful cases, with a functioning toolchain and empirical validation.

Abstract

Hyperproperties enable simultaneous reasoning about multiple execution traces of a system and are useful to reason about non-interference, opacity, robustness, fairness, observational determinism, etc. We introduce hyper parametric timed computation tree logic (HyperPTCTL), extending hyperlogics with timing reasoning and, notably, parameters to express unknown values. We mainly consider its nest-free fragment, where temporal operators cannot be nested. However, we allow extensions that enable counting actions and comparing the duration since the most recent occurrence of specific actions. We show that our nest-free fragment with this extension is sufficiently expressive to encode properties, e.g., opacity, (un)fairness, or robust observational (non-)determinism. We propose semi-algorithms for model checking and synthesis of parametric timed automata (an extension of timed automata with timing parameters) against this nest-free fragment with the extension via reduction to PTCTL model checking and synthesis. While the general model checking (and thus synthesis) problem is undecidable, we show that a large part of our extended (yet nest-free) fragment is decidable, provided the parameters only appear in the property, not in the model. We also exhibit additional decidable fragments where parameters within the model are allowed. We implemented our semi-algorithms on top of the IMITATOR model checker, and performed experiments. Our implementation supports most of the nest-free fragments (beyond the decidable classes). The experimental results highlight our method's practical relevance.
Paper Structure (30 sections, 15 theorems, 6 equations, 5 figures, 1 table, 1 algorithm)

This paper contains 30 sections, 15 theorems, 6 equations, 5 figures, 1 table, 1 algorithm.

Table of Contents

  1. Introduction
  2. Contributions
  3. Related works
  4. Model checking parametric timed formalisms
  5. Hyperproperties
  6. Preliminaries
  7. Clocks, clock guards, and parameters
  8. Parametric timed automata
  9. Hyper parametric timed CTL
  10. Syntax of (Ext-)HyperPTCTL
  11. Semantics of (Ext-)HyperPTCTL
  12. Problems
  13. Reduction of Nest-Free Ext-HyperPTCTL synthesis to PTCTL synthesis
  14. Reduction of path variables via self-composition of PTAs
  15. Observers for extended predicates
  16. ...and 15 more sections

Key Result

Theorem 10

For a PTA $\mathcal{A}$, a temporal-level Nest-Free Ext-HyperPTCTL formulas $\varphi_{\exists} = \exists{\pi_1,\pi_2,\dots,\pi_n}.\, {\varphi_1} \mathbin{\mathcal{U}_{\bowtie \gamma}} {\varphi_2}$ and $\varphi_{\forall} = \forall{\pi_1,\pi_2,\dots,\pi_n}.\, {\varphi_1} \mathbin{\mathcal{U}_{\bowtie

Figures (5)

  • Figure 1: Our reduction: Nest-Free Ext-HyperPTCTL synthesis (resp. model checking) is reduced to Ext-PTCTL synthesis (resp. model checking) via self-composition; the extended predicates in Ext-PTCTL are evaluated by an observer PTA, which is composed with the PTA $\mathcal{A}^n$.
  • Figure 2: Drifted clock generator example: PTA $\mathcal{A}$
  • Figure 3: The self-composition $\mathcal{A} \mathbin{||} \mathcal{A}$ of $\mathcal{A}$ in \ref{['figure:system_running_example']}.
  • Figure 4: A part of the observer of $\varphi'_2 = (\mathit{COUNT}(\textcolor{coloract!80!black}{\mathrm{H^1}}_{\textcolor{colorvar!80!black}{\pi}}) - \mathit{COUNT}(\textcolor{coloract!80!black}{\mathrm{H^2}}_{\textcolor{colorvar!80!black}{\pi}}) \bmod 4) = 0$.
  • Figure 5: A part of the observer of $\varphi'_3 = \mathit{LAST}(\textcolor{coloract!80!black}{\mathrm{H^1}}_{\textcolor{colorvar!80!black}{\pi}}) - \mathit{LAST}(\textcolor{coloract!80!black}{\mathrm{H^2}}_{\textcolor{colorvar!80!black}{\pi}}) \not\in [-\textcolor{colorparam!80!black}{p_2}, \textcolor{colorparam!80!black}{p_2}]$. Most of the edges from initial locations are omitted for simplicity. The initial satisfaction of $\varphi'_3$ is conditioned with the invariant.

Theorems & Definitions (48)

  • Definition 1: PTA
  • Definition 2: Semantics of a TA
  • Definition 3: Syntax of HyperPTCTL
  • Definition 4: Syntax of Ext-HyperPTCTL
  • Definition 5: Path assignments
  • Definition 6: Semantics of HyperPTCTL
  • Definition 7: Semantics of Ext-HyperPTCTL
  • Definition 8: Syntax of Nest-Free HyperPTCTL
  • Definition 9: $\mathit{reduce}^n$
  • Theorem 10
  • ...and 38 more