Verification of temporal consistency constraints in the evolution of software for intelligent unmanned systems driven by model checking

Lu, Chaoze; Li, Chenghao; Liu, Chenxia; Wu, Xianrui; Huang, Yimin

doi:10.1038/s41598-025-06523-7

Download PDF

Article
Open access
Published: 01 July 2025

Verification of temporal consistency constraints in the evolution of software for intelligent unmanned systems driven by model checking

Chaoze Lu¹,
Chenghao Li¹,
Chenxia Liu¹,
Xianrui Wu¹ &
…
Yimin Huang¹

Scientific Reports volume 15, Article number: 21755 (2025) Cite this article

641 Accesses
Metrics details

Subjects

Abstract

As the application of intelligent unmanned systems in open environments becomes increasingly widespread, temporal consistency in the system’s dynamic evolution process has become a critical issue for determining whether the system is safe and reliable. To address this issue, this paper proposes a model checking-based method for verifying the temporal consistency of software evolution in intelligent unmanned systems, accurately modeling and verifying the temporal behavior of individual agents and multi-agent evolution in the system. First, a temporal consistency constraint verification framework for the evolution of intelligent unmanned systems is presented, under which a global time automaton network model is constructed. The framework defines global and local clock variables, enabling a unified representation of both the overall system process and the time properties of individual agents. Secondly, the temporal consistency constraint patterns under the three evolution operations—addition, deletion, and replacement—are described. Based on this, a temporal consistency verification algorithm is designed, covering dynamic operations such as the addition, deletion, and replacement of agents. The algorithm performs temporal consistency checks for each state through a marking function and depth-first search, ensuring the system’s temporal consistency. Finally, a case study on verifying the temporal consistency of an intelligent autonomous vehicle system is presented. Through a series of operations such as the addition, deletion, and replacement of agents, the effectiveness and applicability of the proposed method are verified. The results show that the method can effectively detect temporal inconsistencies in the evolution process, improving the reliability of system evolution in open environments.

Automated curriculum learning for embodied agents a neuroevolutionary approach

Article Open access 26 April 2021

Exploration-based model learning with self-attention for risk-sensitive robot control

Article Open access 07 December 2023

Aversion to external feedback suffices to ensure agent alignment

Article Open access 10 September 2024

Introduction

With the rapid development of computer and internet technologies, software systems are gradually transitioning from traditional closed, static, and controllable environments to open, dynamic, and uncontrollable environments, which has significantly driven the need for software evolution. Software evolution is reflected not only in functional updates and module replacements but also in adapting to new hardware platforms, being compatible with different operating environments, and meeting increasingly stringent performance and security requirements^1,2. For many critical application systems, ensuring consistency in the software’s dynamic evolution process is particularly important, especially in scenarios with high real-time and reliability requirements^3,4.

In the rapid development of intelligent unmanned systems⁵the need for software evolution is especially prominent. Technologies such as autonomous vehicles, drones, and intelligent robots are widely used in transportation, agriculture, military, and healthcare, greatly improving productivity and intelligence in these fields. However, due to the highly complex and open environmental characteristics of intelligent unmanned systems, temporal consistency in the system becomes a key research challenge. As agents are updated and collaboration strategies evolve, if temporal consistency constraints in the system’s time behavior are not strictly verified, it could lead to significant safety risks⁶.

In intelligent unmanned systems, temporal consistency not only affects the overall coordination efficiency of the system but also relates directly to its safety and reliability. For instance, in autonomous vehicles, if the system’s time constraints fail to meet expectations, it could lead to serious consequences such as obstacle avoidance failures or path planning errors⁷. Therefore, during the evolution of intelligent unmanned systems, ensuring real-time and accurate system performance through strict temporal consistency verification has become a key factor in ensuring its safe operation.

Currently, model checking techniques are widely used to verify the temporal consistency of intelligent unmanned systems. Model checking is a formal verification method that models the system’s time behavior and interactions as formal mathematical models, using tools to automate the verification of temporal properties, thereby ensuring that the system meets temporal consistency requirements during its evolution⁸. However, traditional software verification methods are insufficient in handling complex time constraints and cannot effectively address the temporal complexities of dynamic interactions between multiple agents and the evolution process in intelligent unmanned systems. Therefore, this paper proposes a model checking-based temporal consistency verification scheme to address the temporal safety challenges in the evolution process of intelligent unmanned systems. The main contributions of this paper are as follows:

(1)
A detailed description of the temporal consistency constraint patterns for three evolution operations: addition, deletion, and replacement, which carefully characterize the temporal consistency behavior constraints in the evolution of intelligent unmanned systems.
(2)
A temporal consistency constraint verification framework for the evolution of intelligent unmanned systems is designed, which models and verifies the evolution process from both individual agent timed automata and a global agent time automaton network.
(3)
A temporal consistency constraint verification algorithm for the evolution of intelligent unmanned systems is proposed, which implements a synchronization mechanism for local and global clocks and can verify whether the system maintains temporal consistency within a finite number of evolutionary steps.

The structure of the paper is arranged as follows: “Introduction” Section introduces the technical background of intelligent unmanned systems and the application needs of model checking technology. “Related Work” Section elaborates on the theoretical foundation of temporal consistency verification and analyzes the shortcomings of existing methods. “Evolutionary Temporal Consistency Constraint Problem and Verification Framework” Section presents the issue of temporal consistency in system evolution and related knowledge. “Temporal Consistency Modeling of Intelligent Unmanned System Evolution” Section analyzes the temporal consistency of the evolution of intelligent unmanned systems. “Temporal Consistency constraint Verification Algorithm and Analysis for the Evolution of Intelligent Unmanned Systems” Section presents the temporal consistency constraint algorithm and its verification process. “Case Study” Section further validates the feasibility through experiments. “Conclusion” Section summarizes the paper and looks ahead to future work.

Related work

In traditional software evolution temporal consistency, the issue of temporal consistency has gradually gained attention with the demands of dynamic environments. Researchers have explored the formalization of consistency in dynamic evolution from various perspectives, but the complex time constraints remain a challenge in such studies. For example, in 2024, Basile et al.⁹ proposed and implemented a framework using UPPAAL to model, verify, and test contract automata runtime environments, demonstrating the potential of formal timed automata in dynamic contexts. However, this study primarily focused on modeling and testing capabilities without delving into clock synchronization or temporal consistency verification during evolution. Similarly, in 2022, Kiviriga et al.¹⁰ introduced a randomized reachability analysis method in UPPAAL, which significantly enhanced error detection efficiency in temporal systems. Despite its effectiveness, this method primarily targeted static systems and did not address temporal consistency challenges in dynamic evolution processes. In 2023, Cuartas et al.¹¹ applied UPPAAL to formally verify a mechanical ventilator, showcasing its utility in high-safety environments. However, the study did not tackle temporal constraint propagation or clock synchronization during evolution, limiting its application in dynamic scenarios. Furthermore, Laursen et al.¹² in 2020, modeled and verified distributed railway interlocking systems using UPPAAL, ensuring real-time safety and correctness. Despite emphasizing multi-module interaction, the work lacked mechanisms to verify temporal consistency during module updates in evolving systems.

As a type of cyber-physical systems¹³ (CPS) application, intelligent unmanned systems have higher real-time and multi-agent coordination requirements for temporal consistency. The multi-agent interaction characteristics of these systems make it particularly important to ensure clock synchronization and time constraints during the system’s evolution. Although research on intelligent unmanned systems is still in its early stages, the issue of temporal safety constraints has gradually gained attention. For example, in 2021, Liang et al.¹⁴ proposed an intelligent and trust UAV-assisted code dissemination system for 5G-enabled industrial IoT, utilizing clock synchronization strategies to ensure data transmission’s temporal consistency. While this improved the efficiency and reliability of static synchronization, the study did not explore temporal consistency during the dynamic evolution of UAVs. Similarly, in 2021, Gholamhosseinian et al.¹⁵ analyzed vehicle classification methods in intelligent transportation systems and proposed strategies for time synchronization in multi-agent data interactions, providing valuable insights for unmanned systems. However, their approach remained focused on static environments without considering temporal consistency during dynamic evolution. In 2022, Tuo et al.¹⁶ modeled CPS systems with timed automata and conducted real-time verification, presenting a framework for temporal constraint verification. Yet, this work did not address the adjustments required for temporal constraints in dynamic evolution processes. Lastly, in 2017, Chen et al.¹⁷ proposed a self-adaptive architecture evolution method with model checking, enabling online consistency verification during adaptive evolution in dynamic environments. While effective for logical consistency, this study fell short of addressing temporal consistency, particularly for intelligent unmanned systems requiring real-time capabilities.

In conclusion, achieving temporal consistency in the dynamic evolution of intelligent unmanned system software still requires the combination of model checking and real-time analysis methods to meet the temporal consistency needs in complex multi-agent collaborative environments.

Evolutionary Temporal consistency constraint problem and verification framework

Intelligent unmanned systems typically have mobility characteristics, and their architecture differs from that of traditional system software, with a greater emphasis on global real-time performance. However, due to the complex multi-agent collaborative operation of intelligent unmanned systems, their temporal behavior states can grow exponentially. This complexity arises from the interactions and cooperation between multiple agents, which require tasks to be completed under strict time constraints. Therefore, this section first introduces the problem definition of temporal consistency constraints, followed by the principles and technical methods to be used, and concludes with the assumptions and definitions of these methods.

Temporal consistency constraints in the evolution of intelligent unmanned system Temporal behavior

During the evolution of intelligent unmanned systems, the addition, deletion, or replacement of agents may lead to changes in the temporal behavior of functional agents, thereby breaking existing related constraints. Such changes not only make it difficult to ensure the quality of evolution, but also pose a significant threat to the safety of the intelligent unmanned system. For example, Fig. 1 shows the obstacle avoidance system of an autonomous vehicle, which consists of the following main agents:

(1)
Sensor Agent (SA), responsible for collecting environmental data, with a time attribute $\:{T}_{SM}$, where $\:{T}_{SM}$ represents the data collection cycle.
(2)
Data Processing Agent (DPA), which processes the data collected by the sensor, with a time attribute $\:{T}_{DPM}$, where $\:{T}_{DPM}$ represents the data processing time.
(3)
Path Planning Agent (PPA), which plans the path based on processed data, with a time attribute $\:{T}_{PPM}$, where $\:{T}_{PPM}$ represents the path planning time.
(4)
Execution Control Agent (ECA), which controls vehicle movement and executes the path planning results, with a time attribute $\:{T}_{ECM}$, $\:{T}_{ECM}$ represents the execution control time.
(5)
Obstacle Avoidance Agent (OAA), which avoids obstacles in real-time, with a time attribute $\:{T}_{OAM}$, where $\:{T}_{OAM}$ represents the obstacle avoidance response time.

In the original system, the time flow logic is as follows:

$$\:{T}_{total}={T}_{SM}+{T}_{DPM}+{T}_{PPM}+{T}_{ECM}+{T}_{OAM}$$

Assuming the system remains stable, reliable, and safe within 25ms, after sequentially executing the sensor detection agent, data processing agent, path planning agent, execution control agent, and obstacle avoidance agent, $\:{T}_{total}$=24ms<25ms, It can be seen that all agents meet the system’s total temporal consistency constraint, ensuring that the system’s real-time requirements are satisfied. When the system needs to add a behavior decision-making agent to meet the automatic decision-making requirements, The execution control time of this agent is 6ms, and the addition of this new agent may break the temporal consistency of the system.

Specifically, in the evolving system, the new time flow logic is:

$$\:{T}_{total}={T}_{SM}+{T}_{DPM}+{T}_{PPM}+{T}_{BDM}+{T}_{ECM}+{T}_{OAM}$$

Since $\:{T}_{BDM}$=6ms, the total time increases to 30ms, exceeding the system’s time limit of 25ms, thus triggering temporal inconsistency in the system’s behavior. The inconsistency manifests as the new agent’s temporal characteristics failing to coordinate with the original system, leading to deviations in temporal behavior. Temporal inconsistency directly causes delays in execution control functions, and also affects delays in obstacle avoidance functions, preventing the system from completing tasks within the expected time, compromising the overall reliability of the system, and ultimately directly affecting the system’s safety, in severe cases, this poses a threat to personal and property safety.

Definition 1

(Evolutionary Temporal Consistency Constraint Problem): Let there be an intelligent unmanned system IUS=(X, E, T), where X={c₁, c₂, …., c_n} are agents, E={e₁, e₂, …., e_n} represent the interactions between the agents, and T={t₁, t₂, …., t_n} is the set of corresponding temporal constraint attributes for each agent x_i, The system needs to satisfy an overall time constraint T_c, i.e., $\:{t}_{1}+{t}_{2}+\dots\:+{t}_{n}=\:\le\:{T}_{c}$. If the intelligent unmanned system evolves, i.e., adds, deletes, or replaces agents, and each agent c_i corresponds to a new set of temporal constraint attributes $\:{T}^{{\prime\:}}=\{{t}_{1}^{{\prime\:}}$,$\:\:{t}_{2}^{{\prime\:}}$,…., $\:{t}_{m}^{{\prime\:}}\}$,the evolved system must also satisfy $\:{t}_{1}^{{\prime\:}}$+$\:\:{t}_{2}^{{\prime\:}}$,+….+$\:\:{t}_{m}^{{\prime\:}}$ $\:\le\:$T_c, i.e., $\:{T}^{{\prime\:}}\le\:{T}_{c}$, Then, the intelligent unmanned system is said to satisfy the temporal consistency constraint. Otherwise, if $\:{t}_{1}^{{\prime\:}}$+$\:\:{t}_{2}^{{\prime\:}}$+….+$\:\:{t}_{m}^{{\prime\:}}>$T_c, the intelligent unmanned system is said to fail to meet the temporal consistency constraint.

Therefore, it is necessary to perform temporal behavior constraint analysis and verification on the evolution of intelligent unmanned systems to ensure their consistency and reliability.

Basic principles of model checking technology and its application theory

(1)
Basic Concept of Model Checking

Model checking is an automated verification technique used to check whether a system model satisfies a given property. It constructs the system model using formal methods and uses logical formulas to describe the properties that the system is expected to satisfy. Then, it traverses all the states of the model to check if these states meet the required properties. Model checking can uncover errors in system design, especially those related to concurrency and real-time issues, which are difficult to detect using traditional testing methods. Figure 2 illustrates the basic process of the model checking method.

To model and verify the temporal consistency behavior of intelligent unmanned systems, this paper adopts the theory of timed automata for system model construction. Timed automata is a formal method used to describe and analyze the behavior of real-time systems. Based on this, a timed automata network model for the time behavior evolution of intelligent unmanned systems is constructed to analyze and check the system’s temporal consistency behavior constraints. In addition, Computation Tree Logic¹⁸(CTL) is used to describe the properties of temporal consistency constraints. The specific definitions of automata and CTL are given below.

(2)
Timed automata and timed automata networks

Timed automata, proposed by Alur and Dill, is a formal model used to describe and analyze the behavior of real-time systems. Timed automata enhance the description of time behavior by introducing clock variables and clock constraints based on traditional finite state machines. The seven-tuple for defining each timed automaton is as follows:

Definition 2

(Timed Automaton): Each timed automaton is modeled as a seven-tuple $\:TB=(S,\:\:{s}_{0},\:\:A,\:\:V,\:\:T,\:\:I,\:R)$, where:

S is the finite set of states;
$\:{s}_{0}\in\:S$ is the initial state;
A is the set of actions;
V is the set of data variables;
T is the set of clocks;
$\:I:\:S\to\:C(T,\:\:V)$ is the invariant function mapping states to a set of clock constraints.
$\:R:\:S\times\:S$ is the set of state transition relations, defining the transition conditions from one state to another.

Definition 3

(Clock Constraints): Clock constraints are the set of conditions used to describe the relationships between clock variables in a timed automaton. Suppose there is a set of clock variables $\:T=\left\{{t}_{1},\:\:{t}_{2}{,\:\:...,\:\:t}_{n}\right\}$, in the timed automaton, which increase over time. And a set of constants $\:C=\left\{{c}_{1},{c}_{2}{,...,c}_{m}\right\}$, which are used to define boundary conditions for clock constraints, such as maximum delay or trigger limits. A clock constraint $\:\varphi\:$ is usually a comparison relationship between clock variables and constants, typically expressed in inequality form: $\:\varphi\::\:{t}_{i}\sim{c}_{j}$. Where $\:{t}_{i}\in\:T$ is a clock variable, $\:{c}_{j}\in\:C$ is a constant, and $\:\sim\in\:\{<,\:\:\le\:,\:\:=,\:\:\ge\:,\:\:>\}$ represents a comparison operator.

Definition 4

(Clock Property Mapping): Suppose there is a clock property mapping $\:\:u:\:=<\:{t}_{1}=\:{c}_{1},\:\:{t}_{2}\:=\:\:{c}_{2},\:\:\dots\:,\:\:{t}_{n}={c}_{n}>$, where: $\:{T}_{i}\in\:$T, $\:T\:=\:C\cup\:V$, $\:{c}_{i}\in\:R$, and R is the set of real numbers. If the clock property mapping u satisfies the clock property constraint φ, that is, for each component i, if $\:{T}_{i}\:=\:Ci\in\:\:\varphi\:$ and satisfies the clock property constraint $\:{t}_{i}\sim\:c$, $\:\sim\in\:\{<,\:\:\le\:,\:\:=,\:\:\ge\:,\:\:>\}$, then the clock property mapping satisfies the clock property constraint $\:\varphi\:$, denoted as:$\:\:u\in\:\varphi\:$. In a timed automaton, state transitions are accompanied by the propagation of clock constraints.

Definition 5

(State and Configuration of a Timed Automaton): Suppose there is a timed automaton whose states and clock properties can be described by configurations. The configuration of a timed automaton is defined as a pair $\:<l,\:u>$, where $\:l\in\:N$ represents a location, and u represents a clock property interpretation under the set of clock property variables X of this timed automaton. The configuration describes the state of time and attribute values at a particular location.

The transformations of the configuration of a timed automaton include two types:

1)
Time progression configuration transformation: Describes the progression of time within the same state.
2)
State Transition under Configuration Change: Describes the process where an automaton moves from one state to another due to either time progression or event triggering.

Definition 6

(Timed Automata Network Configuration): A timed automata network consists of multiple timed automata interacting through synchronization and communication mechanisms. Each automaton in the network has its own state, clock, and clock constraints, and the overall system behavior is a combination of the behaviors of all automata. Configurations are used to describe the operational states of all automata in the timed automata network. A configuration can be represented as a triplet $\:(\overline{s},\:\:v,\:\:\omega\:)$, where:

$\:\overline{s}=({s}_{1},{s}_{2},\dots\:,\:{s}_{n}$) represents the current state of all automata, where $\:{s}_{i}\in\:{S}_{i}$ and $\:1\le\:i\le\:n$.
$\:v:\:{U}_{i=1}^{n}{V}_{i}\to\:Int$, represents an assignment of values to data variables.
$\:\omega\::{U}_{i=1}^{n}{C}_{i}\to\:Time$, represents an assignment of clock variable values, and $\:\omega\:$ must satisfy $\:{\bigwedge\:}_{i=1}^{n}{I}_{i}\left({s}_{i}\right)$.

Figure 3 demonstrates the evolution process of a timed automata network, showing how configurations change dynamically during the system’s operation.

(3)
Computation tree logic

To ensure the safety of intelligent unmanned systems and accurately describe the temporal consistency constraints, this paper chooses Computation Tree Logic (CTL) to model the temporal consistency behavior constraints. CTL is a branching temporal logic that can precisely describe the temporal relationships between states.

Definition 7

(Computation Tree Logic CTL):

Computation Tree Logic (CTL) is a branching-time temporal logic widely used for formal verification of concurrent and reactive systems. Let a system be modeled as a Kripke structure $\:M=(S,{\:S}_{0},\:\:R,\:\:L)$ where S is a set of states, $\:{S}_{0}\subseteq\:S$ is the set of initial states, $\:\text{R}\subseteq\:\text{S}\times\:\text{S}$ is a transition relation, and $\:L:S\to\:{2}^{AP}$ is a labeling function assigning atomic propositions from a set AP to each state.

CTL formulas are defined inductively over state formulas $\:\left(\:\varphi\:\right)$ and path formulas $\:\left(\psi\:\right)$ as follows:

Every atomic proposition $\:p\in\:AP$ is a state formula. If $\:{\:\varphi\:}_{1}$ and $\:{\:\varphi\:}_{2}$are state formulas, then: $\:{\:\varphi\:}_{1}\:\bigwedge\:{\:\:\varphi\:}_{2}\:$(logical AND), $\:{\:\varphi\:}_{1}\bigvee\:{\:\varphi\:}_{2}\:$(logical OR), $\:{\neg\:\:\varphi\:}_{1}$(logical NOT).

1.
If ψ is a state formula, then:

E$\:\psi\:\:$(there exists a path where $\:\psi\:$ holds). $\:A\psi\:$ (for all paths, $\:\psi\:$ holds).

2.
If $\:\:\varphi\:$is a state formula, then:

$\:X\:\varphi\:$ (Next: $\:\:\varphi\:$ holds int the next state). $\:F\:\varphi\:$ (Future: $\:\:\varphi\:$ will hold at some future state). $\:G\:\varphi\:$ (Globally: $\:\:\varphi\:$ holds in all future states). $\:{\:\varphi\:}_{1}U\:{\:\varphi\:}_{2}$ (Until: $\:{\:\varphi\:}_{1}$ holds until $\:{\:\varphi\:}_{2}$becomes true).

3.
Given Kripke structure M and a state $\:s\in\:S$, the satisfaction relation ⊨ is defined as:

$\:M,\:\text{s}\:\models\:\:\text{p}\:\text{i}\text{f}\text{f}\:\text{p}\:\in\:\text{L}\left(\text{s}\right).$
$\:M,\:\text{s}\:\models\:\:\neg\:\:\varphi\:\:\text{i}\text{f}\text{f}\:\text{M},\:\:s\nvDash\:\varphi\:.$
$\:M,\:s\:\models\:\:{\:\varphi\:}_{1}\:\bigwedge\:{\:\varphi\:}_{2}\:iff\:M,\:s\models\:\:{\:\varphi\:}_{1}\:and\:M,\:s\:\models\:\:{\:\varphi\:}_{2}$
$\:M,\:\text{s}\:\models\:\:E\psi\:$ iff there exists a path $\:\pi\:$ starting at s, M, $\:\pi\:\models\:\psi\:$
$\:M,\:\text{s}\:\models\:\:A\psi\:$ iff for all paths $\:\pi\:$ starting at s, M, $\:\pi\:$ $\:\models\:$ $\:\psi\:$

For a path $\:\pi\:=\:{s}_{0}\to\:{s}_{1}\to\:\dots\::$

$\:M,\:\:\pi\:\:\models\:\text{X}\:\varphi\:\:\text{i}\text{f}\text{f}\:\text{M},\text{s}1\models\:\:\varphi\:$
$\:M,\:\:\pi\:\:\models\:$ $\:F\:\varphi\:$iff $\:\exists\:k\ge\:0,M,{s}_{k}\models\:\:\varphi\:$
$\:M,\:\:\pi\:\:\models\:\text{G}\:\text{i}\text{f}\text{f}\:\forall\:k\ge\:0,M,{s}_{k}\models\:\:\varphi\:$
$\:M,\:\:\pi\:\:\models\:{\:\varphi\:}_{1}\cup\:\:{\:\varphi\:}_{2}\:\text{i}\text{f}\text{f}\:\exists\:k\ge\:0\:\text{s}\text{u}\text{c}\text{h}\:\text{t}\text{h}\text{a}\text{t}\:M,{s}_{k}\models\:{\:\varphi\:}_{2}\:and\:\forall\:j<k,M,{s}_{j}\models\:{\:\varphi\:}_{1}$

Temporal consistency constraint verification framework for evolution of intelligent unmanned systems

To achieve the temporal consistency constraint verification for the evolution of intelligent unmanned systems, this paper adopts model checking theory based on timed automata. By constructing a time behavior evolution automata model for intelligent unmanned systems, the focus is on time behavior consistency. Computation Tree Logic (CTL) is used to describe time behavior constraints, and these properties are precisely verified on the system model through rigorous formal descriptions. A depth-first search marking algorithm is also designed to verify time behavior consistency constraints. Finally, UPPAAL is used to perform temporal consistency behavior verification, where reverse search in the automata network model finds all states satisfying the logical formula TB, and checks whether the temporal consistency constraint is satisfied, thus verifying the system’s reliability and consistency. The specific verification framework is shown in Fig. 4.

Temporal consistency modeling of intelligent unmanned system evolution

Evolution modes of intelligent unmanned systems and their time consistency

Intelligent unmanned systems can evolve by adding, deleting, or replacing agents. To ensure that the temporal behavior of the system is not affected during evolution, it is necessary to analyze the temporal consistency issues under different evolution modes. Suppose an intelligent unmanned system consists of n agents, and its model is represented as $\:{N=TB}_{1}\left|\right|{TB}_{2}{\left|\right|...\left|\right|TB}_{n}$, where $\:1\:<i\le\:n,$ $\:{TB}_{i}={(S}_{i},{s}_{i0},{A}_{i},{V}_{i},{T}_{i},{I}_{i},\:{R}_{i}$), which is a time behavior automaton for any agent, where the automata can communicate via shared variables.

The following will detail the temporal consistency of three evolution modes:

(1)
Adding an agent evolution, time consistency

Adding a new agent $\:{TB}_{n+1}$, to the intelligent unmanned system, the system model will be updated to:

$$\:{N=TB}_{1}\left|\right|{\:TB}_{2}{\left|\right|\:...\left|\right|\:TB}_{n}\left|\right|\:{TB}_{n+1}$$

Assume the total time constraint of the original system be $\:{T}_{c}$, $\:\text{i}.\text{e}$.,

$$\:{T}_{1}+{T}_{2}+...+{T}_{n}={T}_{c}$$

If $\:{T}_{c}\:\sim{T}_{s}$, where $\:\sim\in\:\{<,\:\:\le\:,\:\:=,\:\:\ge\:,\:\:>\}$, then the time consistency requirement is satisfied. After adding the new agent $\:{TB}_{n+1}$, its corresponding time constraint is $\:{t}_{n+1}$. The total time constraint of the new system becomes:

$$\:{T}_{c}^{{\prime\:}}={t}_{1}+{t}_{2}+...+{t}_{n}+{t}_{n+1}$$

To maintain time consistency, $\:{T}_{c}^{{\prime\:}}$ must satisfy a certain relationship $\:{T}_{c}^{{\prime\:}}\sim\:{T}_{s}$, where ~ can take one of the following forms:

1.
If $\:{T}_{c}^{{\prime\:}}<{T}_{s}$, is required, then the time constraint $\:{t}_{n+1}$ of the new agent must satisfy:
$$\:{T}_{c}+{t}_{n+1}<{T}_{s}$$
2.
If $\:{T}_{c}^{{\prime\:}}\le\:{T}_{s}$, is required, then the time constraint $\:{t}_{n+1}$ must satisfy:
$$\:{T}_{c}+{t}_{n+1}\le\:{T}_{s}$$
3.
If $\:{T}_{c}^{{\prime\:}}={T}_{s}$, is required, then the time constraint $\:{t}_{n+1}$ must satisfy:
$$\:{T}_{c}+{t}_{n+1}={T}_{s}$$
4.
If $\:{T}_{c}^{{\prime\:}}\le\:{T}_{s}$, is required, then the time constraint $\:{t}_{n+1}$ must satisfy:
$$\:{T}_{c}+{t}_{n+1}\le\:{T}_{s}$$

If $\:{T}_{c}^{{\prime\:}}>{T}_{s}$, is required, then the time constraint $\:{t}_{n+1}$ must satisfy:

$$\:{T}_{c}+{t}_{n+1}>{T}_{s}$$

The new system satisfies the temporal consistency constraint. Figure 5 illustrates the evolution process of adding an agent to the system.

(2)
Deleting an agent evolution, time consistency

Assume the total time constraint of the original system is $\:{T}_{c}$, where $\:{T}_{c}\:\sim\:{T}_{s},\:\sim\in\:\{<,\:\:\le\:,\:\:=,\:\:\ge\:,\:\:>\}$. After deleting an agent $\:{TB}_{j}$, from the intelligent unmanned system, the system model will be updated to:

$$\:{{N}^{{\prime\:}}=TB}_{1}\left|\right|{TB}_{2}{\left|\right|...\left|\right|{TB}_{j-1}\left|\right|{TB}_{j+1}\left|\right|...\left|\right|TB}_{n}$$

After deleting agent $\:{TB}_{j}$, the original time $\:{t}_{j}$ will be removed, and the new system’s total time constraint will become $\:{T}_{c}^{{\prime\:}}={t}_{1}+{t}_{2}+...+{t}_{j-1}+{t}_{j+1}+...+{t}_{n}$. To maintain time consistency, $\:{T}_{c}\:\sim\:{T}_{s}$ is required. If the newly constructed time constraint satisfies $\:\left({T}_{c}-{TB}_{j}\right)\:\sim\:{T}_{c}^{{\prime\:}}$, the new system satisfies the temporal consistency constraint. Figure 6 shows the evolution process of deleting an agent.

(3)
Replacing an agent evolution, time consistency

Assume the total time constraint of the original system is $\:{T}_{c}$, where $\:{T}_{c}<{T}_{s}$, $\:\sim\in\:\{<,\:\:\le\:,\:\:=,\:\:\ge\:,\:\:>\}$. Replacing an agent $\:{TB}_{j}$with a new agent $\:{TB}_{j}^{{\prime\:}}$, in the intelligent unmanned system, the system model will be updated to:

$$\:{{N}^{{\prime\:}}=TB}_{1}\left|\right|{TB}_{2}{\left|\right|...\left|\right|{TB}_{j-1}\left|\right|{{TB}_{j}^{{\prime\:}}\left|\right|TB}_{j+1}\left|\right|...\left|\right|TB}_{n}$$

After replacing agent $\:{TB}_{j}$, its corresponding time constraint $\:{t}_{j}$ is replaced by $\:{t}_{j}^{{\prime\:}}$. The new system’s total time constraint becomes $\:{{T}_{c}^{{\prime\:}}=t}_{1}+{t}_{2}+...+{t}_{j-1}+{t}_{j}^{{\prime\:}}+{t}_{j+1}+...+{t}_{n}$. To maintain time consistency, it is required that $\:{T}_{c}^{{\prime\:}}\:\sim\:{T}_{s}$, i.e., $\:{{T}_{c}-{t}_{j}+{t}_{j}^{{\prime\:}}{\sim}T}_{s}$. If $\:{{t}_{j}^{{\prime\:}}-{t}_{j}\:!\sim\:T}_{s}-{T}_{c}$, the new system does not satisfy the temporal consistency constraint. Figure 7 illustrates the evolution process of replacing an agent.

The above covers all cases of system temporal consistency constraints under the three evolution modes of adding, deleting, and replacing agents in intelligent unmanned systems. The complete temporal consistency constraint is expressed using the notation $\:{T}_{c}^{{\prime\:}}\:\sim\:{T}_{s}$, $\:\sim\in\:\{<,\:\:\le\:,\:\:=,\:\:\ge\:,\:\:>\}$. This ensures that the system maintains temporal consistency under all circumstances.

Time behavior automaton for the evolution of intelligent unmanned systems

In order to analyze the temporal consistency of intelligent unmanned systems during evolution, a time behavior automaton model is introduced to describe the system’s dynamic evolution. The time behavior automaton helps characterize the time behavior characteristics of the system by defining elements such as states, clocks, clock constraints, and state transitions. Based on this, the evolution time automaton and the time automaton network for intelligent unmanned systems will be defined.

The intelligent unmanned system may undergo three types of changes during its evolution: adding agents, removing agents, and replacing agents. Each of these changes affects the system’s time behavior, so detailed modeling is required to ensure time consistency.

Adding agent evolution: Adding a new agent to the existing system introduces new states and clocks, which may affect the system’s time constraints.
Removing agent evolution: Removing an agent from the existing system reduces states and clocks, potentially causing the remaining system to fail to meet the original time constraints.
Replacing agent evolution: Replacing an agent may change the relationships and transitions of states and clocks, thus affecting the overall time behavior.

Therefore, two models are defined: the time behavior automaton for the evolution of intelligent unmanned systems and the time automaton network for the evolution of intelligent unmanned systems.

Definition 8

(Agent Time Behavior Automaton for Intelligent Unmanned Systems): A time behavior automaton for the evolution of an intelligent unmanned system can be defined as a nine-tuple$\:\:TB=(S,{s}_{0},\:\delta\:,\:A,\:V,T,\:I,\:M,\:R,E)$, where:

S is the finite set of states of the agent;
$\:{s}_{0}\in\:S$ is the initial state of the agent;
$\:\delta\::\:S\to\:\left\{Init,\:Basic,\:Composite\right\}$ is a type function that returns one of the state types;
A is the set of actions;
V is the set of data variables;
T is the set of clock variables;
$\:I:\:S\to\:\theta\:\:(C,\:V)$ is the invariant function for states, mapping a state to a clock guard formula;
M is the set of messages, including synchronous and asynchronous messages;
$\:R\subseteq\:S\times\:I\times\:A\times\:M\times\:S$ is the transition relation set, representing directed edges of state transitions.
$\:E\subseteq\:S\times\:S$: is the evolution relation set, representing state transitions during the system evolution process.

By defining the time behavior automaton for the evolution of intelligent unmanned systems, the system’s evolution behavior in terms of states, clocks, and time constraints can be captured. The evolution relation set E is particularly used to describe state transitions during the process of adding, removing, or replacing agents, which helps verify time consistency.

Definition 9

(Global Time Automaton Network for Intelligent Unmanned Systems):A time automaton network for the evolution of an intelligent unmanned system can be defined as a four-tuple $\:\text{N}\text{T}\text{B}=\left(N,V,T,I\right)$, where:

$\:N=\{{TB}_{1},{TB}_{2},\dots\:,{TB}_{n}\}$: A set of time behavior automatons, representing the time behavior of all agents in the system.
$\:{V=\text{U}}_{i=1}^{n}{V}_{i}$: A set of global data variables, composed of the variable sets of each agent.
$\:{T=\text{U}}_{i=1}^{n}{T}_{i}$: A set of global clock variables, composed of the clock sets of each agent.
$\:{I=\text{U}}_{i=1}^{n}{I}_{i}$: A set of global invariance constraints, containing the time invariance constraints of all agents.

CTL description of Temporal consistency in the evolution of intelligent unmanned systems

To formally describe and verify the temporal consistency of intelligent unmanned systems during their evolution, Computation Tree Logic (CTL) is employed to logically represent time behavior. CTL enables the verification of whether the system satisfies its temporal constraints during the processes of adding, removing, and replacing agents.

CTL description of Temporal consistency for adding an agent

When a new agent $\:{TB}_{n+1}\:$is added to the system, we check if the new total time constraint $\:{T}_{c}^{{\prime\:}}$ still meets the system’s required temporal consistency. This is described by the formula:

$$\:{\:\varphi\:}_{TC}^{add}=AG(time\_constraint({T}_{c}^{{\prime\:}}\left)\right)$$

Here, $\:AG$ stands for global necessity, indicating that the formula must hold for all paths in the system. $\:time\_constraint\left({T}_{c}^{{\prime\:}}\right)$, is the time constraint, which defines the time limit satisfied in a certain state after the evolution of system S′ where $\:{T}_{c}^{{\prime\:}}$ is the time constraint after the evolution of the system.

CTL description of Temporal consistency for removing an agent

When an agent $\:{TB}_{j}\:$is removed from the system, we check if the remaining agents’ time constraints $\:Tc{\prime\:}$ still meet the required temporal consistency. This is represented as:

$$\:{\:\varphi\:}_{TC}^{del}=AG(time\_constraint({T}_{c}^{{\prime\:}}\left)\right)$$

Similarly, $\:AG$ represents global necessity, and $\:ime\_constraint\left({T}_{c}^{{\prime\:}}\right)$ represents the time constraint, which specifies the time limit of a certain state or operation in system S′′ where $\:{T}_{c}^{{\prime\:}}$ is the time constraint after the deletion of system S′′.

CTL description of Temporal consistency for replacing an agent

When an agent $\:{TB}_{j}$ is replaced by a new agent $\:{TB}_{j}{\prime\:}$ the formula checks whether the updated time constraints, $\:Tc{\prime\:}$ are consistent with the system’s requirements:

$$\:{\:\varphi\:}_{TC}^{rep}=AG(time\_constraint({T}_{c}^{{\prime\:}}\left)\right)$$

In this case, $\:AG$ ensures that the temporal consistency condition holds across all paths, $\:time\_constraint\left({T}_{c}^{{\prime\:}}\right)$, represents the time constraint, which specifies the time limit of a certain state or operation in system $\:S^{{\prime}{\prime}{\prime\:}}$, where $\:{T}_{c}^{{\prime\:}}$ is the time constraint after the replacement of system $\:S^{{\prime}{\prime}{\prime\:}}$.

The model transformation semantics, where the evolution operation generates a new system $\:{\text{S}}^{{\prime\:}}=evolve(S,a)$, can be represented as:

$$\:S^{\underrightarrow{a}} \text{S}^{\prime\:}\Rightarrow Verify({\text{S}}^{{\prime\:}},{\:\varphi}_{TC})$$

Through these CTL descriptions, the Temporal Consistency of intelligent unmanned systems can be formally verified in different evolution scenarios, thus ensuring the correctness and stability of the system.

Temporal consistency constraint verification algorithm and analysis for the evolution of intelligent unmanned systems

Temporal consistency constraint verification method for system evolution

Temporal consistency verification for system evolution requires validating the global time automaton network after each addition, deletion, or replacement of an agent to ensure the system’s time constraints are still met. Combining the global time automaton network model and the evolution process, every change in agents leads to changes in global network variables, clocks, and invariance constraints. Therefore, the core of verification lies in quickly evaluating the new agent’s time constraints and global temporal consistency and using model checking methods (CTL model checking) to ensure the consistency of system behavior.

The temporal consistency verification method for system evolution will be based on the following basic ideas:

(1)
After each addition, deletion, or replacement of an agent, the new time constraints $\:{T}_{c}^{{\prime\:}}$ trigger the temporal consistency check. At this point, calculate the agent’s time constraints and check whether they meet the global temporal constraints $\:{T}_{s}$.
(2)
During the evolution, update the elements of the global network NTB (agent set, variable set, clock set, and invariance constraints).
(3)
Through the clock constraint transmission mechanism, analyze whether the time properties of the new agent and existing agents cause conflicts or inconsistencies.
(4)
Choose the appropriate validation timing, which can be verification after each evolution, validation after accumulating multiple changes, or overall verification after the evolution ends.

Algorithm 1 provides the step-by-step approach to verify temporal consistency during the system evolution process.

Analysis of Temporal consistency verification in system evolution

To analyze the temporal consistency of the intelligent unmanned system during its evolution, a time behavior automaton model is introduced to describe the dynamic evolution of the system. The time behavior automaton helps characterize the system’s time behavior characteristics by defining elements such as states, clocks, clock constraints, and state transitions. Based on this, the evolution time automaton and the time automaton network of the intelligent unmanned system are established.

(a)
Evolution process of the global automaton network of the intelligent unmanned system

The evolution method of the global automaton network of the intelligent unmanned system can be described using formal methods, including operations such as adding, deleting, and replacing intelligent agents. The following is the formal description of the specific evolution process and overall logic.

Suppose the intelligent unmanned system consists of multiple intelligent agents, and the time behavior of each agent can be represented by a time automaton. The global time automaton network of the system can be represented as:

$$\:NTB=\left(N,V,T,I\right),$$

Evolution process of the global automaton network of the intelligent unmanned system

During the system’s evolution, the global time automaton network will change accordingly. Each evolution operation of the system, such as adding, deleting, or replacing an intelligent agent, will lead to changes in the global automaton network. The following is the formal description and overall logic of each operation.

(1)
Evolution of Adding Intelligent Agents: When a new intelligent agent is added, the global time automaton network NTB will change. At this point, the new intelligent agent’s time behavior automaton $\:{TB}_{new}$ is added to the set N, and the global variable set V and global clock set T are also extended, including the variables and clocks of the new agent. Additionally, the global invariant constraint set I needs to be updated to ensure that the time constraints introduced by the new agent are compatible with the existing system. Evolution of the global time automaton network:

$$\:{NTB}_{new}=(\text{N}\cup\:\{{TB}_{new}\},\text{V}\cup\:{V}_{new},\text{T}\cup\:{T}_{new},\text{I}\cup\:{I}_{new})$$

Figure 8 shows the diagram illustrating the evolution of the automata network with the addition of an agent.

Logical flow:

1.
Check whether the clocks and variables of the new agent conflict with those of the existing agents.
2.
Update the global clock constraints and verify global time consistency.
3.
Ensure the system satisfies temporal consistency requirements on all possible paths by propagating the local clock constraints of the new agent.

(2)
Deletion of agent evolution: When a current agent is removed, the agent’s time behavior automaton $\:{TB}_{i}$ in the set N is removed, and the global variable set V and global clock set T in the system are accordingly reduced. In addition, after deleting an agent, the invariance constraint set I also needs to be adjusted to remove constraints related to the agent. Evolved global time automaton network:

$$\:{NTB}_{new}\text{}=(N\setminus\:\{\:{TB}_{i}\},V\setminus\:\:{V}_{i},T\setminus\:\:{T}_{i},I\setminus\:\:{I}_{i})$$

Figure 9 illustrates the evolution of the time automaton network after agent deletion.

Logical flow:

1.
Check whether the deleted agent plays a key role in the global clock constraints.
2.
Verify the clock constraints of the remaining agents to ensure that global temporal consistency is still satisfied after the agent removal.
3.
Propagate the local clock constraints of the remaining agents and check the continued consistency of the global constraints.

(3)
Replacement of agent evolution: Replacing an agent is equivalent to removing an existing agent and adding a new one. The time behavior automaton of the new agent $\:{TB}_{new}$ will replace the time behavior automaton of the original agent $\:{TB}_{i}$. The global time automaton network needs to first remove the variables, clocks, and constraints of the old agent, and then add the relevant elements of the new agent. Evolved global time automaton network:

$$\:{NTB}_{new}=\left(\right(N\setminus\:\left\{{TB}_{i}\right\})\cup\:\{{TB}_{new}\},(V\setminus\:{V}_{i})\cup\:{V}_{new},(T\setminus\:{T}_{i})\cup\:{T}_{new},(I\setminus\:{I}_{i})\cup\:{I}_{new})$$

Figure 10 shows the evolution of the time automaton network after agent replacement.

Logical flow:

1.
Remove the clocks and variables of the old agent, then add the relevant elements of the new agent.
2.
Verify whether the clock properties and invariance constraints of the new agent are consistent with the global consistency requirements.
3.
Re-propagate the clock constraints to ensure that the replacement of the new agent does not trigger any time inconsistency.

(b)
Temporal consistency verification method in system evolution the time automaton

Network of the intelligent unmanned system evolution integrates the time behaviors of all agents, using shared variables and clocks for communication and synchronization. The global invariance constraints ensure that the system meets the time constraints of each agent during the evolution process. This model enables a systematic analysis of temporal consistency issues during the evolution process.

The core issue in temporal consistency verification is whether the evolved system can continue to meet the initially set global time constraints. To accurately describe the potential time behavior changes during evolution, we combine timed automata and CTL (Computation Tree Logic). The goal of the entire verification process is to detect whether the clock constraints in the system violate the pre-set global time constraints after evolution.

To ensure that the intelligent unmanned system still satisfies global temporal consistency constraints after evolution, the verification method includes the following key steps:

(1)
Constructing the Global Time Automaton Network: First, form a global time automaton network by combining the time behavior automata of each agent. This network includes the clock variables, invariance constraints, and state transition behaviors of all agents. As the system evolves, the global network will change.
(2)
Propagation of Local Clock Constraints and Detection of Global Clock Constraints: After each evolution operation (addition, deletion, replacement), local clock constraints need to be propagated again to ensure they satisfy the global clock constraints. For example, if an agent is replaced, its clock constraints may conflict with those of other agents, so consistency must be ensured through the propagation of clock constraints.
(3)
CTL Model Checking: The time behavior model of the system is verified using CTL. For operations such as addition, deletion, and replacement, CTL model checking is used to verify whether the system satisfies temporal consistency constraints across all possible execution paths. Specifically, the clock values for each path in the system must comply with the pre-set time constraints.

The entire evolution process is verified through the combination of timed automata and CTL, following the logic outlined below:

Addition operation: Verify the synchronization of the new agent’s clock with the global clock.

Deletion operation: Ensure that the global clock constraints remain consistent after the agent is removed.

Replacement operation: Detect the impact of the new agent’s clock and state changes on the global constraints.

As the system evolves, adding, deleting, or replacing agents causes the state space of the system to expand rapidly. This poses higher demands for clock constraint detection, especially when adding new agents, where effectively propagating clock constraints becomes a significant challenge. Since the clock constraints for each agent are local and global temporal consistency requires considering the interactions of all agents, it is necessary to ensure that the propagation of local clock constraints does not break global consistency. When replacing an agent, the new time behavior automaton may have clock properties and constraints different from those of the original agent. This uncertainty increases the complexity of the verification process, as comprehensive validation of the new time behavior must be conducted using model checking tools. The solution to the above issues requires the introduction of new clock variables and constraints into the global time automaton network when adding agents and verifying whether the new agent’s clock can synchronize with the existing agents’ clocks to ensure no inconsistency. When deleting an agent, special attention needs to be paid to whether the deleted agent plays a key role in any global clock constraints. In replacement operations, it is necessary to check whether the new agent’s clock conflicts with those of the existing agents.

Formal conversion of the timed automaton network to Kripke:

Given a timed automaton network $\:NTB=\left({TB}_{1}\right||\:{TB}_{2}{\left|\right|\dots\:\left|\right|TB}_{n},V,T,I)$, The corresponding Kripke structure $\:M=(S,\:\:{S}_{0},\:\:R,\:\:L)$ is constructed as follows:

State set:

$$\:\text{S}\:=\:\{{l}_{1},\dots\:,\:{l}_{n},\:v\:,\omega\:\},\:{l}_{1}\in\:Locs\left({TB}_{i}\right),\:v:\:V\:\to\:Z,\:{\upomega\:}\:\models\:\underset{i=1}{\overset{n}{\bigwedge\:}}\:{I}_{i}\left({l}_{i}\right)$$

其中:

$\:{l}_{1},\dots\:,\:{l}_{n}$ are the locations of each module $\:{TB}_{i}$ and $\:{l}_{i}$ belongs to the set of locations $\:Locs\left({TB}_{i}\right)$, i.e., a certain location in the module $\:{TB}_{i}$.
$\:v$ is a mapping, $\:v:\:V\:\to\:Z$, representing the value of variable$\:\:v$, where V is the set of variables and Z is the set of integers.
$\:{\Omega\:}$ is the time state, representing the time information of the system.
$\:{\upomega\:}\:\models\:\underset{i=1}{\overset{n}{\bigwedge\:}}\:{I}_{i}\left({l}_{i}\right)$ means that under the time state $\:{\upomega\:}\:$, all positions $\:{l}_{1},\dots\:,\:{l}_{n}$, satisfy the corresponding conditions $\:{I}_{i}\left({l}_{i}\right)$, where $\:{I}_{i}\left({l}_{i}\right)$ is the constraint condition for each position.

Transition relation:

$$\:R=\left\{\right(\text{s},{s}^{{\prime\:}}\left)\right|\left\{\begin{array}{c}Time\:progression:\:\exists\:\delta\:>0,{\:\omega\:}^{{\prime\:}}=\:\omega\:+\delta\:\:\wedge\:\:\:\omega\:\:\models\:I\left({l}_{i}\right)\\\:Discrete\:transition:\:\exists\:a\in\:Sync,{TB}_{i}{}^{\underrightarrow{a}}{TB}_{i}^{{\prime\:}}\end{array}\right.$$

Where:

$\:s\:$and $\:s{\prime\:}\:$are the current and next states, respectively.
$\:\omega\:$ and $\:\omega\:{\prime\:}$ are time states, representing the time values at the current and next moments.
$\:I\left({l}_{i}\right)$ is a certain condition of position $\:{l}_{i}$ in state $\:\omega\:{\prime\:}$.
$\:\delta\:>0$ represents the amount of time progression, and$\:\:\omega\:{\prime\:}\models\:I\left({l}_{i}\right)$ means that after the time progression, the condition of position $\:{l}_{i}$ is satisfied.
$\:a$ is the synchronization operator (belongs to the synchronization set Sync).
$\:{{TB}_{i}}^{\underrightarrow{a}}{TB}_{i}^{{\prime\:}}$ represents a discrete transition from position $\:{TB}_{i}$ to the next position $\:{TB}_{i}^{{\prime\:}}$ through action a.

Labeling function:

$$\:L\left(s\right)=\{p\in\:AP\:,\:s\models\:p\}$$

Here, the atomic propositions p include the following forms:

$$\:\left\{\begin{array}{c}Location\:predicate:\:{loc}_{i}=l\\\:Clock\:constraint:\:x\bowtie\:c\\\:Variable\:value:\:v=k\end{array}\right.$$

Where $\:AP$ is the set of atomic propositions, $\:s$ is a certain state, $\:\models\:$ means that state $\:s$ satisfies proposition $\:p$, $\:{loc}_{i}=l$ represents that position$\:\:i$ is at a specific location $\:l$, $\:x\bowtie\:c$ is the clock constraint and $\:v=k$ means that the value of variable$\:\:v$ is equal to the constant $\:k$.

Hierarchical CTL model detection algorithm

The hierarchical CTL model detects by using the hierarchical CTL model. Given the Kripke structure M and the CTL formula$\:\:\varphi\:$, it calculates and returns the set of states that satisfy the formula. This method constructs a syntax tree and computes the satisfying states for sub formulas layer by layer, ultimately deriving the set of states that satisfy the entire formula. Key steps include:

(1)
Constructing the syntax tree: Recursively parse the CTL formula $\:\:\varphi\:$ to construct its syntax tree. For atomic propositions, return the node directly; for composite formulas, recursively parse their sub formulas and create nodes.
(2)
Hierarchical traversal of the formula: Use a hierarchical traversal method to traverse the syntax tree, generating the hierarchical set of sub formulas. Starting from the atomic formulas at the lowest level, the composite formulas are gradually parsed upwards, ensuring the formula is expanded layer by layer according to its structure.
(3)
Layered computation of state sets: For each layer of the sub formula [$\:\psi\:$], update the state set labels[$\:\psi\:$] according to its type. Depending on the type of the formula. Different methods are used to compute the set of states that satisfy the formula, and the state set is gradually updated through set operations.
(4)
Return the satisfying state set: After processing all layers of the sub formulas, finally return labels[$\:\psi\:$], the set of states that satisfy the given CTL formula $\:\psi\:$.

As shown in Fig. 11, based on the hierarchical idea mentioned above, we have designed Algorithm 2, namely the hierarchical CTL model check algorithm.

Proposition 1

(Preserving Evolutionary Time Consistency):Suppose that in the intelligent unmanned system, the time evolution of all agents $\:N=\{{TB}_{1},{TB}_{2},\dots\:,{TB}_{n}\}$ follows the established synchronized evolution rules, and each $\:{TB}_{i}$ at each state update $\:{TB}_{i}\underrightarrow{{T}_{global},{T}_{i},{\varphi\:}_{i}}{TB}_{i}^{{\prime\:}}$ relies on the shared global clock $\:{T}_{global}$ and its local time constraint $\:{T}_{i}$. If the following conditions are met: each TB in the system is updated according to the set evolution rules within a finite number of steps, and the update process strictly follows $\:TB\sim{T}_{i}$ and $\:TB\sim{T}_{global}$, then the overall time evolution process of the system can maintain time consistency.

Proof

Each agent $\:{TB}_{i}$ relies on a global clock $\:{T}_{global}$and a local clock $\:{T}_{i}$, According to definition 2, state transitions$\:{TB}_{i}\to\:{TB}_{i}^{{\prime\:}}$ are governed by the state transition relation $\:R:\:{S}_{i}\times\:{S}_{i}^{{\prime\:}}$ and the clock synchronization mechanism $\:{C(T}_{global},\:{T}_{i},{\varphi\:}_{i})$, which ensures that the local clock $\:{T}_{i}$ is synchronized with the global clock $\:{T}_{global}$. The system evolves through at most $\:n$ state updates, with each update following $\:TB\:\sim\:{T}_{i}$ and $\:TB\:\sim\:{T}_{global}$. Each state update undergoes a clock synchronization check to ensure that the local clock is consistent with the global clock, thereby ensuring time consistency. This completes the proof.

In summary, the system’s evolution process within a finite number of steps satisfies the temporal consistency requirements, meaning that in each state update, both the local and global clocks remain consistent. Therefore, assuming all evolutions are completed within a finite number of steps and follow time synchronization rules, the temporal consistency of the system can be guaranteed.

we design Algorithm 3,Evolution verification process.

Case Study

This paper uses the intelligent autonomous vehicle system as an example of the evolution of intelligent unmanned systems. This system consists of unique agents, such as sensors, control agents, and actuators, and can be modeled and analyzed within the time behavior automaton network. As the intelligent unmanned system evolves, key components in vehicles and aircraft may be added or replaced, leading to changes in the system’s time behavior. By performing temporal consistency verification of these changes, the stability and reliability of the system during the evolution process can be ensured.

Timed Automata Modeling Tool

UPPAAL¹⁹ is a timed automata modeling and model verification tool jointly developed by Uppsala University in Sweden and Aalborg University in Denmark. It primarily models the behavior of real-time systems and uses Computation Tree Logic (CTL) to describe system properties, which can then be verified using this tool. The visual user interface of UPPAAL consists of three main components:

Editor: Used to create and edit timed automata templates as well as global and system declarations.

Simulator: Used to simulate and track changes in the system’s state and variable values.

Verifier: Used to input logical properties for verification and display the verification results and counterexamples in the simulator.

Through these three components, UPPAAL provides users with a comprehensive and user-friendly interface that supports the entire process from model creation and simulation to verification, enabling efficient modeling and analysis of real-time systems.

Evolution of Real-World Intelligent Unmanned Systems

During the evolution of intelligent unmanned systems, the system may undergo component additions, deletions, or replacements, which will affect its time behavior. Next, through the specific example of a car, we demonstrate how to use the timed automata modeling tool UPPAAL to perform evolutionary verification of the intelligent unmanned system and ensure its temporal and spatial consistency.

The intelligent autonomous vehicle system²⁰ adopts an agent-based design, including agents for environmental data collection, data processing, path planning, execution control, and obstacle avoidance. The agents are synchronized and communicate via bus signals, and each agent is equipped with a reaction time monitoring mechanism and error detection functionality to promptly detect and address potential issues. The system’s time-checking agent is responsible for monitoring the total execution time at each stage of the process, ensuring that the set performance requirements are met.

The abstract model framework of the system before evolution is shown in Fig. 12. This figure illustrates the initial system structure, including the agents and their interactions before any evolutionary changes are made.

(a) Pre-Evolution System Modeling:

(1)
Sensor Model

In the intelligent unmanned system, the sensor agent collects environmental data (e.g., obstacles, road conditions, traffic signals) in real time and transmits it to the data processing agent. This agent’s operation underpins the system’s decision-making. The sensor system operates in the following states: Idle, Preparing, Collecting, Transmitting, ReadyReceiving, Receiving, and Finish.

Initially, the system is in the starting state, where the total time attribute of this agent is initialized to 0, and the time attributes between each state are also set to 0 to facilitate time detection between agents. After spending the specified time to complete data collection and ensuring no errors occur, the system transitions to the data collection state. In the data collection state, the collected data is checked within a specified time, and if no errors are found, the data is transmitted. After the receiving end receives the data, it sends a synchronization signal “startDataProcessing!” to the data processing agent. Finally, the model’s runtime is calculated to determine whether it meets the required time. If it does, the system continues monitoring; otherwise, it does not meet the temporal consistency requirements. The sensor model is shown in Fig. 13.

(2)
Data Processing Model

In the intelligent unmanned system, the data processing agent is responsible for receiving data from the sensor agent, performing necessary processing and analysis, and passing the processing results to the path planning agent. The effective operation of this agent ensures that the system can make quick decisions based on real-time environmental data. The data processing agent operates in the following states: Idle, Validating, Processing, TransmittingResults, WaitingForFeedback, Finish, and SendingFinish.

After receiving the synchronization signal “startDataProcessing!” from the sensor system, the model’s time attribute is also initialized to 0, and it enters the validating state. In this state, the agent verifies the validity of the data and prepares for processing. In the Processing state, the received data undergoes the necessary analysis and computation. During this process, the agent records the time spent on processing and checks whether it exceeds the reaction time threshold. After the data undergoes processing, transfer, and other steps, the data processing is completed. The agent then sends the synchronization signal “startPathPlanning!” to the path planning model and checks whether the total time attribute of the model meets the required criteria. The data processing model is shown in Fig. 14.

(3)
Path Planning Model

In the intelligent unmanned system, the path planning agent is responsible for calculating the optimal driving path based on the information provided by the data processing agent and generating control commands to guide the vehicle to perform the corresponding operations. The effective operation of this agent ensures that the vehicle can safely and efficiently avoid obstacles and reach its destination. The path planning agent operates in the following states: Idle, Validating, Planning, TransmittingResults, WaitingForFeedback, and Finish.

After receiving the synchronization signal “startPathPlanning!” sent by the data processing agent, the path planning model performs a series of related operations, effectively calculating the driving path and making safe driving decisions based on real-time data. Through clear state definitions and state transition mechanisms, the total time attribute of the model is finally evaluated to ensure it meets the required criteria. The path planning model is shown in Fig. 15.

(4)
Execution Control Mode

In the intelligent unmanned system, the execution control agent is responsible for controlling the vehicle’s driving behavior based on the control commands provided by the path planning agent, including acceleration, deceleration, steering, and other operations. The effective operation of this agent ensures that the vehicle can drive safely and smoothly along the planned path. The execution control agent defines the following states: Idle, Wait_arb, Arb, Sending, Finishsending, and Receiving. Each template can be further refined into multiple timed automata models.

The execution control model ensures that the system can accurately translate the path planning agent’s commands into the vehicle’s actual actions within a specified time, guaranteeing safe and efficient driving through the execution and feedback mechanisms. Meanwhile, the agent introduces an error detection mechanism during execution to ensure that the control commands are completed within the specified time, enhancing the system’s reliability and safety. The execution control model is shown in Fig. 16.

(5)
Obstacle Avoidance Model

In the intelligent unmanned system, the obstacle avoidance agent is responsible for real-time monitoring of obstacles on the vehicle’s driving path and taking appropriate avoidance measures based on instructions from the execution control agent to ensure the vehicle’s safe operation. This agent can react promptly to avoid collisions with obstacles. During its operation, the agent ensures that the vehicle can timely and effectively avoid potential obstacles within the specified time, thus ensuring safe driving. The agent continuously monitors the environment and implements obstacle avoidance strategies, completing the total time property within the specified time. The obstacle avoidance model is shown in Fig. 17.

(6)
Total Time Detection Model

In the intelligent unmanned system, this time detection model checks whether the total time spent on the entire process after the execution of the above models meets the temporal consistency principle. The global clock is set up to record the total duration of the entire process. After the system runs, the model’s Boolean type is converted to true, and after all models have been executed, it checks whether all tasks can be completed within the specified time. The total time detection model is shown in Fig. 18.

Post-Evolution System Modeling:

(1)
Embedding a New Model

To improve positioning accuracy and response speed, the system introduces a behavior decision-making agent. This agent analyzes the collected data and combines it with path planning information to make more accurate response judgments. Eventually, the system evolves into a structure that includes both new and old agents. Using the UPPAAL modeling tool, the new and old system structures are modeled separately, and temporal consistency checks are performed using the verification tool, ensuring that regardless of the combination of agents, the system’s response time meets real-time requirements. The abstract model framework of the modified system is shown in Fig. 19.

In the intelligent unmanned system, a decision-making agent is introduced to improve system positioning accuracy, speed up response times, and optimize path selection. By analyzing environmental data in real-time, the agent can dynamically adjust the vehicle’s behavior. This agent enhances coordination among various agents, achieving system efficiency and safety. The behavior decision-making model has idle state (Idle), decision data state (DecMaking), execution plan A state (ExeOp_A), execution plan B state (ExeOp_B), plan A feedback state (A_Feedback), plan B feedback state (B_Feedback), and judgment state (Judgment) during operation.

After receiving the synchronization signal from the path planning agent, the model creates two plans and determines the time required for executing Plan A and Plan B. It then determines whether both plans, A and B, can complete a series of operations within the specified time, and checks if the total time property meets the requirements. The behavior decision-making model is shown in Fig. 20.

(2)
Modification of Specific Agents

When introducing a new execution control agent, the original old agent must be replaced. This new agent has been optimized in design and implementation, significantly improving the system’s performance. Through improved algorithms and processing workflows, the new agent not only increases operational efficiency but also effectively shortens the completion time of various tasks, thereby better meeting the real-time requirements of the intelligent unmanned system. This initiative aims to enhance the overall responsiveness and stability of the system, providing more reliable support for subsequent decision-making and execution. The modified execution control agent is shown in Fig. 21.

(3)
Deletion of Specific Agents

When optimizing the system, existing agents must be evaluated and the obsolete ones deleted. By analyzing system performance and functional requirements, certain agents are removed to improve the overall architecture’s simplicity and efficiency. This process aims to eliminate redundancy, ensure better coordination among the system’s components, and enhance cooperation between the agents. By reducing unnecessary complexity, the system will be able to complete tasks in less time, while improving stability and responsiveness, thereby optimizing the overall performance of the intelligent unmanned system. In this case, an extreme approach is taken by retaining only four basic states—Idle, Checking, Collecting, and Transmitting—so that the sensor agent can function We evaluate our approach through model checkingnormally. The new sensor model is shown in Fig. 22.

To assess the scalability of the proposed method, we apply a parametric adjustment approach to the intelligent unmanned system model, using the total agent types as parameters (denoted as model). The model consists of six core components: Sensor Module (SM), Data Processing Module (DPM), Path Planning Module (PPM), Behavior Decision Module (BDM), Execution Control Module (ECM), Obstacle Avoidance Module (OAM), and Time Check module (TC). The experiments record four key metrics for each module: (1) time attributes (denoted as TT_XX where XX is the module abbreviation, representing the Total Time threshold in milliseconds), (2) consistency compliance, (3) storage consumption, and (4) verification time under different evolutionary models. The experimental hardware platform is a PC with an i7-2.30 GHz processor, 16.0 GB of RAM, running Windows 10 Professional, with UPPAAL version 5.0.0 Academic Edition.

Description of the system execution model

The execution model of this system consists of two parts: serial chains and parallel branches:

Core serial chain: The sensor (SM)→data processing (DPM) → path planning (PPM) → execution control (ECM) forms a strict sequential execution chain, with state flags enforcing the sequence: SM_done → DPM_done → PPM_done → ECM_done. It is shown in Fig. 23.

Parallel branches: The obstacle avoidance module (OAM) and decision-making module (BDM) execute in parallel with the serial chain, and their time consumption overlaps with the serial chain.

$$\:T\_parallel\:=\:max(T\_OAM,\:T\_BDM)$$

Global time constraint: The system’s final time is the maximum value of both and is compared with the time limit.

$$\:T\_total\:=\:max(T\_serial,\:T\_parallel)\:\le\:\:MAX\_TIME$$

The overall time constraint is determined by comparing the maximum value of serial/parallel times, while the local time constraints are compared within the system:

$$\:A\left[\:\right]\:\left(max\right(global\_clock\_S,\:global\_clock\_P)\:<=\:MAX\_TIME)$$

The dataset used in this study originates from the simulation results of the intelligent unmanned system model. The dataset was generated by performing multiple simulations of the system, involving the addition, deletion, and replacement of agents at different evolutionary stages. The specific data includes time attributes, temporal consistency verification results, storage consumption, and verification time for each model. All experimental data and model code can be accessed through the following link: https://github.com/02hao72/Model-Checking.git. This repository contains complete model files and experimental parameters.

The experimental data before, after, and during evolution are shown in Table 1. The experimental data for the modified evolutionary model is listed in the right half of Table 1. Since the pre-evolution model does not involve verification of evolution, this part of the data remains unchanged. For relevant attributes, UPPAAL will stop verification once a counterexample is found. Therefore, the recorded data, including whether the constraints are met, time, and space consumption, refers to the data encountered (including) before the counterexample in the depth-first traversal process. After the evolutionary model is modified, we perform verification again. The resulting data is shown in Table 1, with the pre- and post-modification results represented in the upper and lower parts, respectively. (Where R/V = residential/virtual, CC = Comply with time constraints, NCC = Not Comply with time constraints).

Table 1 Summary of experimental Data.

Full size table

To verify the reliability of the model in non-ideal environments, we designed the extreme condition test scenarios shown in Table 2 and evaluated the system’s fault tolerance using the fault injection method. The experimental setup continues the hardware platform configuration in Table 1 and adds the following robustness metrics.

Controlled fault injection is implemented through the $\:{inject}_{*}$ variables in UPPAAL, as shown in the code snippet below:

$$\:inject\_clockDrift\:\&\&\:TS{M}_{local}>4$$

Fault tolerance verification: A three-layer verification strategy is adopted:

(1)
Time fault tolerance: The FAULT_TOLERANCE parameter relaxes the constraints.
(2)
State recovery: Verify the EF Recovery State property.
(3)
Degraded mode: Activated when $\:{T}_{global}>MAX\_Time\:+FAULT\_TOLERANCE$.
(4)
Recovery success rate: (Number of successful recoveries)/(Total number of fault injections) × 100%.
(5)
Maximum recovery time: The time from fault occurrence to when fallback_activate = false.

Robustness verification results under extreme conditions:

Table 2 Robustness verification results.

Full size table

The experiment proves that in single-point failure scenarios, the system can maintain over 92%-time consistency. In the case of multiple failures, the system maintains basic functionality through degraded mode.

The above experiment shows that even under extreme conditions, the system can still ensure the execution of core functions and recover normal operation within the set recovery time, meeting the robustness constraints set in the paper.

From Table 1, we can see that:

The state transition process of the evolutionary models aligns with the expected logic. The system can successfully complete tasks such as environment data collection, processing, path planning, and obstacle avoidance in various models, while maintaining the correctness of time constraints.
In all experimental scenarios, the algorithm can accurately determine whether the system complies with temporal consistency constraints. For models that do not comply with the constraints, UPPAAL quickly finds counterexamples and terminates verification, greatly reducing unnecessary computational overhead.
During depth-first traversal, when the number of agents or states increases, the verification time and space consumption rise, but the overall time complexity remains within a reasonable range.

Through experimental analysis, the proposed intelligent unmanned system evolution model and verification method demonstrate the following properties:

(1)
Time consistency: Through the evolution of the model and the application of the verification algorithm, the system maintains temporal consistency during the execution of tasks in various modules. The experiments show that the system can complete tasks within the specified time frame, thereby meeting the system’s real-time requirements.
(2)
Robustness: The proposed model and algorithm exhibit strong robustness when handling interactions between different states and modules. Under different experimental conditions, even when state changes occur, the system can still maintain the logical correctness of data transmission, path planning, and feedback processing. This property ensures the system’s core functionality remains effective under unexpected or extreme conditions.
(3)
Resource consumption stability: The experiments compare the storage space and verification time before and after the model evolution, showing that the system’s resource consumption becomes more stable after evolutionary optimization. Despite the increase in task complexity for the intelligent unmanned system, resource consumption did not show a significant rise.

Conclusion

This research proposes a temporal consistency verification method for intelligent unmanned systems in dynamic evolutionary environments. By introducing a timed automaton model to describe the system’s dynamic evolution process and using CTL model checking techniques, we constructed and verified the temporal consistency of the system’s modules during evolution. Specific work includes designing a set of evolutionary automaton network models based on timed automata, defining changes in time constraints when adding, deleting, and replacing modules, and proposing detailed verification algorithms to ensure the system meets the initially set time behavior constraints. Verification of temporal consistency under different evolutionary scenarios showed that the method is effective in complex unmanned system evolutionary contexts. Unlike traditional methods focused on spatial consistency verification, this study fills the gap in research on time consistency. Traditional spatial consistency verification methods are used to ensure the system’s structural and state stability, but they struggle to handle time constraint changes in complex evolution. Our method dynamically adapts to structural adjustments, evaluates in real-time the impact of newly added modules on the overall time behavior during evolution, and offers greater flexibility and accuracy. Experimental results confirm the effectiveness of the method under various evolutionary scenarios, especially in terms of temporal consistency detection accuracy and response speed.

Through experimental validation, the verification method in this study has certain advantages in system evolution complexity and diversity, ensuring time behavior consistency in complex evolutionary scenarios. Despite the positive outcomes, there are still some limitations. First, as the system scale increases, the rapid expansion of the state space significantly raises computational complexity, posing higher demands on verification efficiency. Additionally, when handling complex interactions between highly concurrent modules, the performance and accuracy of the method still have room for improvement.

Future research will focus on further optimizing the temporal consistency verification method for intelligent unmanned systems, especially enhancing system adaptability to dynamic environments, improving verification efficiency, and exploring the possibility of maintaining temporal consistency online. Through further exploration, we expect to improve the time safety constraints of intelligent unmanned systems, providing reliable temporal guarantees for broader application scenarios of intelligent systems.

Data availability

All data generated or analyzed during this study are included in this published article.All experimental data and model code also can be accessed through the following link: “https://github.com/02hao72/Model-Checking.git”.

References

Bucaioni, A. et al. Continuous conformance of software architectures. In Proc. IEEE 21st Inter. Conf. on Soft. Archi., 112-122 (2024).
Jansen, A. & Bosch, J. Software architecture as a set of architectural design decisions. In Proc. 5th Work. IEEE/IFIP Conf. on Soft. Archi,109-120 (2005).
Märcker, S. Model checking techniques for design and analysis of future hardware and software systems (2021). https://nbn-resolving.org/urn:nbn:de:bsz:14-qucosa2-743742
Bérard, B. et al. Systems and Software Verification: model-checking Techniques and Tools83–86 (Springer Science & Business Media, 2013).
Wu, S. & Mao, F. Intelligent unmanned aerial vehicle flight control and task execution system. In Proc. 2nd Inter. Conf. on Rob., Artif. Intel. and Intel. Cont. 75-78 (2023).
Rashid, A. B. & Kausik, A. K. AI revolutionizing industries worldwide: A comprehensive overview of its diverse applications. Hyb Advan. 7, 100277 (2024).
Article Google Scholar
Jha, S. et al. Safe autonomy under perception uncertainty using chance-constrained Temporal logic. Jour Auto Reas. 60, 43–62 (2018).
MathSciNet Google Scholar
Baier, C. & Katoen, J. P. Principles of Model Checking (MIT Press, 2008).
Basile, D. Modelling, verifying and testing the contract automata runtime environment with uppaal. Inter. Conf. on Coor. Mod. and Lang. Cham: Springer Nature Switzerland, 93-110 (2024).
Kiviriga, A., Larsen, K. G. & Nyman, U. Randomized reachability analysis in UPPAAL: fast error detection in timed systems. Inter Jour Soft Tech. Tran. 24 (6), 1025–1042 (2022).
Google Scholar
Cuartas, J. et al. Formal verification of a mechanical ventilator using UPPAAL. In Proc. the 9th ACM SIGPLAN Inter. Work. on For. Tech.for Saf.-Cri. Syst, 2-13 (2023).
Laursen, P. L., Trinh, V. A. T. & Haxthausen, A. E. Formal modelling and verification of a distributed railway interlocking system using UPPAAL. In Proc. 9th Inter. Symp. on Lever. Appli. of For. Meth., 415-433 (2020).
Lee, J., Bagheri, B. & Kao, H. A. A cyber-physical systems architecture for industry 4.0-based manufacturing systems. Manuf. Lett. 3, 18–23 (2015).
Article Google Scholar
Liang, J. et al. An intelligent and trust UAV-assisted code dissemination 5G system for industrial internet-of-things. IEEE Trans. Ind. Infor. 18 (4), 2877–2889 (2021).
Article Google Scholar
Gholamhosseinian, A. & Seitz, J. Vehicle classification in intelligent transport systems: an overview, methods and software perspective. IEEE Open. Jour Intel Trans. Syst. 2, 173–194 (2021).
Article Google Scholar
Tuo, M. et al. Modeling and real-time verification for CPS based on time automata. In Proc. IEEE 22nd Inter. Conf. on Soft. Qual., Rel., and Sec. Comp. 576-579 (2022).
Chen, L. et al. Self-adaptive architecture evolution with model checking: a software cybernetics approach. Jour Sys Sof. 124, 228–246 (2017).
Article Google Scholar
Reynolds, M. An axiomatization of full computation tree logic. Jour Symb Log. 66 (3), 1011–1057 (2001).
Article MathSciNet Google Scholar
Bengtsson, J. et al. UPPAAL—a Tool Suite for Automatic Verification of real-time Systems (Springer, 1996).
Chen, J., Sun, J. & Wang, G. From unmanned systems to autonomous intelligent systems. Engineering 12, 16–19 (2022).
Article Google Scholar

Download references

Funding

This study was funded by “This research was supported by Zhejiang Provincial Natural Science Foundation of China under Grant No. LQ24F020023”, and “This Project is Supported by Ningbo Natural Science Foundation under Grant No. 2023J180”, and “A Project Supported by Scientific Research Fund of Zhejiang Provincial Education Department under Grant No. Y202351645”, and “Scientific Research Project Funded by Ningbo University of Technology under Grant No. 2040011540019”, and “Scientific Research Incubation Program of Ningbo University of Technology under Grant No. 2022TS23”.

Author information

Authors and Affiliations

School of Cyber Science and Engineering, Ningbo University of Technology, Ningbo, 315211, Zhejiang, China
Chaoze Lu, Chenghao Li, Chenxia Liu, Xianrui Wu & Yimin Huang

Authors

Chaoze Lu
View author publications
Search author on:PubMed Google Scholar
Chenghao Li
View author publications
Search author on:PubMed Google Scholar
Chenxia Liu
View author publications
Search author on:PubMed Google Scholar
Xianrui Wu
View author publications
Search author on:PubMed Google Scholar
Yimin Huang
View author publications
Search author on:PubMed Google Scholar

Contributions

All authors contributed to the study conception and design. C. Lu: Conceptualization, methodology, validation, writing—review and editing, funding acquisition, supervision. C. Li: investigation, formal analysis, methodology, writing—original draf preparation, data curation, supervision. C. Liu, X. Wu and Y. Huang: Conceptualization, formal analysis, data curation, supervision. All authors reviewed the manuscript. All the authors approve the submission to this journal.

Corresponding authors

Correspondence to Chaoze Lu or Chenghao Li.

Ethics declarations

Competing interests

The authors declare no competing interests.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Reprints and permissions

About this article

Cite this article

Lu, C., Li, C., Liu, C. et al. Verification of temporal consistency constraints in the evolution of software for intelligent unmanned systems driven by model checking. Sci Rep 15, 21755 (2025). https://doi.org/10.1038/s41598-025-06523-7

Download citation

Received: 22 December 2024
Accepted: 09 June 2025
Published: 01 July 2025
DOI: https://doi.org/10.1038/s41598-025-06523-7