Bounded Model Checking for Knowledge and Real Time

Bożena Woźna and Alessio Lomuscio*
Department of Computer Science, UCL
Gower Street, London WC1E 6BT, UK
email: {B.Wozna,A.Lomuscio}@cs.ucl.ac.uk

Wojciech Penczek†
Institute of Computer Science, PAS
Ordona 21, 01-237 Warsaw, Poland
email: penczek@ipipan.waw.pl

ABSTRACT

We present TECTLK, a logic to specify knowledge and real time in multi-agent systems. We show that the model checking problem is decidable, and we present an algorithm for TECTLK bounded model checking based on a discretisation method. We exemplify the use of the technique by means of the "Railroad Crossing System", a popular example in the multi-agent systems literature.

Categories and Subject Descriptors

F.3.1 [Specifying and Verifying and Reasoning about Programs]: Specification techniques; D.2.4 [Software/Program Verification]: Model checking; I.2.11 [Distributed Artificial Intelligence]: Multiagent systems

General Terms

Verification

Keywords

Model checking, interpreted systems, epistemic logic, real time.

1. INTRODUCTION

Model checking [8] is an area of formal methods concerned with the automatic verification of hardware and software systems. It consists of a number of techniques to determine whether a given logical formula representing a specification is satisfied in a particular formal model representing the executions of a system. Originally developed for the verification of (untimed) reactive systems, model checking has recently become an active subject of research in the area of multi-agent systems [6, 9, 12, 22]. In particular, recent contributions have focused on extending model checking techniques and tools [12, 16, 19, 20, 23, 26] to adapt them to the needs of multi-agent systems (MAS) formalisms.

As shown in [9], knowledge is a useful concept for analysing the information state and the behaviour of agents in multi-agent systems. In particular, it is useful to reason about and to verify the evolution over time of epistemic states [11]. The usual assumption in the area is to consider time to be discrete. It is often argued that a model of time closer to reality should assume a continuous flow of instants. In this paper we make an attempt to evaluate the consequences of this suggestion in the context of the epistemic states of multi-agent systems. Specifically, we make two contributions: first, we present a logic, TECTLK, to reason about real time and knowledge in MAS; second, we present a technique for automatically verifying properties of MAS expressed in this logic.

The rest of the paper is organised as follows. The next section defines Real Time Interpreted Systems, the semantics we will work with throughout the paper. In Section 3 the logic TECTLK is introduced. In Section 4 a Bounded Model Checking method for TECTLK is presented. Section 5 shows how this method can be applied to the "railroad crossing system", a typical multi-agent systems example of a time-dependent system. We conclude in Section 6 by discussing related work.

* The authors acknowledge support from the EPSRC (grant GR/S49353) and the Nuffield Foundation (grant NAL/690/G).
† Also affiliated with Podlasie Academy of Siedlce. The author acknowledges support from the Polish grant No. 3T11C01128.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
AAMAS'05, July 25-29, 2005, Utrecht, Netherlands.
Copyright 2005 ACM 1-59593-094-9/05/0007 ...$5.00.

2. INTERPRETED SYSTEMS ON REAL TIME

In this section we briefly recall the concept of timed automata, which were introduced in [2], and define a Real Time Interpreted System.

2.1 Timed Automata

Let IR = [0, ∞) be the set of non-negative real numbers, IR+ = (0, ∞) the set of positive real numbers, IN = {0, 1, ...} the set of natural numbers, X a finite set of real variables, called clocks, x ∈ X, c ∈ IN, and ∼ ∈ {≤, <, =, >, ≥}. The clock constraints over X are defined by the following grammar:

cc := true | x ∼ c | cc ∧ cc

Notice that, in order to keep the presentation as simple as possible and to use the discretisation method of [27], we do not allow for differences of clocks in C(X) (the set of clock constraints over X).
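The grammar above is small enough to implement directly, and doing so makes the restriction at the end of the section concrete: a constraint mentioning a clock difference (x − y ∼ c) or a non-integer bound is simply not a member of C(X). The following parser and evaluator is an added example written for this page, not code from the paper or from any tool of its authors. It assumes ASCII spellings (<=, >=, &&) as alternatives to the paper's ≤, ≥, ∧, and represents a clock valuation as a dictionary from clock names to non-negative reals; both choices are conveniences of the example, not notation from the paper.

```python
"""Parser and evaluator for the clock-constraint grammar of Section 2.1:

    cc := true | x ~ c | cc ∧ cc     with ~ in {≤, <, =, >, ≥} and c in IN

Anything outside this grammar (clock differences such as "x - y < 2",
rational bounds such as "x < 2.5", unknown clocks) is rejected, mirroring
the paper's restriction that C(X) contains no clock differences.
Added example; ASCII operator spellings are an assumption for convenience.
"""
from __future__ import annotations

import operator
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Canonical operator names and their semantics on real clock values.
_OPS: Dict[str, Callable[[float, int], bool]] = {
    "<=": operator.le, "<": operator.lt, "=": operator.eq,
    ">": operator.gt, ">=": operator.ge,
}
# Map the paper's glyphs to the canonical ASCII names used in the AST.
_CANON = {"≤": "<=", "≥": ">="}

# One alternative per token kind; the final (\S) catches anything the grammar
# does not provide for (e.g. "-", ".", parentheses) so we can reject it.
_TOKEN = re.compile(
    r"\s*(?:(true\b)|(\d+)|([A-Za-z_]\w*)|(<=|>=|≤|≥|<|>|=)|(∧|&&|&)|(\S))"
)
_KINDS = ("true", "num", "ident", "cmp", "and", "other")


class ParseError(ValueError):
    """Raised when the input is not a clock constraint of C(X)."""


class ClockConstraint:
    """Base class of the three syntactic forms."""


@dataclass(frozen=True)
class TrueCC(ClockConstraint):
    pass


@dataclass(frozen=True)
class Atom(ClockConstraint):
    clock: str
    op: str      # one of the keys of _OPS
    bound: int   # c ∈ IN


@dataclass(frozen=True)
class And(ClockConstraint):
    left: ClockConstraint
    right: ClockConstraint


def tokenize(text: str) -> List[Tuple[str, str]]:
    """Split the input into (kind, value) tokens, rejecting foreign symbols."""
    tokens = []
    for m in _TOKEN.finditer(text):
        kind, value = _KINDS[m.lastindex - 1], m.group(m.lastindex)
        if kind == "other":
            raise ParseError(f"symbol {value!r} is not part of the grammar "
                             "(clock differences and rational bounds are excluded)")
        tokens.append((kind, value))
    return tokens


def parse(text: str, clocks: Set[str]) -> ClockConstraint:
    """Recursive-descent parse of `cc := true | x ~ c | cc ∧ cc` over clocks X."""
    tokens, pos = tokenize(text), 0

    def peek() -> Tuple[str, str]:
        return tokens[pos] if pos < len(tokens) else ("eof", "")

    def take(kind: str) -> str:
        nonlocal pos
        k, v = peek()
        if k != kind:
            raise ParseError(f"expected {kind}, found {v!r}")
        pos += 1
        return v

    def atom() -> ClockConstraint:
        k, _ = peek()
        if k == "true":
            take("true")
            return TrueCC()
        if k == "ident":
            x = take("ident")
            if x not in clocks:
                raise ParseError(f"{x!r} is not a clock of X")
            op = _CANON.get(take("cmp"), None) or tokens[pos - 1][1]
            c = int(take("num"))          # digits only, hence c ∈ IN
            return Atom(x, op, c)
        raise ParseError(f"expected 'true' or a clock, found {peek()[1]!r}")

    node = atom()
    while peek()[0] == "and":             # ∧ is associative: fold left
        take("and")
        node = And(node, atom())
    if pos != len(tokens):
        raise ParseError(f"unexpected trailing input {peek()[1]!r}")
    return node


def satisfies(cc: ClockConstraint, valuation: Dict[str, float]) -> bool:
    """Evaluate cc under a clock valuation v: X -> IR."""
    if isinstance(cc, TrueCC):
        return True
    if isinstance(cc, Atom):
        return _OPS[cc.op](valuation[cc.clock], cc.bound)
    if isinstance(cc, And):
        return satisfies(cc.left, valuation) and satisfies(cc.right, valuation)
    raise TypeError(f"not a clock constraint: {cc!r}")


if __name__ == "__main__":
    X = {"x", "y"}
    guard = parse("x <= 5 ∧ y > 2", X)
    print(guard, satisfies(guard, {"x": 5.0, "y": 2.5}))   # constructed valuation
    for bad in ("x - y < 2", "x < 2.5", "z = 1"):
        try:
            parse(bad, X)
        except ParseError as e:
            print(f"rejected {bad!r}: {e}")
```

The tokenizer does the work of enforcing the grammar's boundary: because every character not provided for falls into the catch-all group, a clock difference fails at the "-" and a rational bound fails at the ".", before any parsing happens. The evaluator is the obvious inductive definition, which is exactly what a discretisation-based bounded model checker needs when it decides whether a time-annotated state satisfies a guard or an invariant.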