Abstract
We study the temporal robustness of temporal logic specifications and show how to design temporally robust control laws for time-critical control systems. This topic is of particular interest in connected systems and interleaving processes such as multi-robot and human-robot systems where uncertainty in the behavior of individual agents and humans can induce timing uncertainty. Despite the importance of time-critical systems, temporal robustness of temporal logic specifications has not been studied, especially from a control design point of view. We define synchronous and asynchronous temporal robustness and show that these notions quantify the robustness with respect to synchronous and asynchronous time shifts in the predicates of the temporal logic specification. It is further shown that the synchronous temporal robustness upper bounds the asynchronous temporal robustness. We then study the control design problem in which we aim to design a control law that maximizes the temporal robustness of a dynamical system. Our solution consists of a Mixed-Integer Linear Programming (MILP) encoding that can be used to obtain a sequence of optimal control inputs. While asynchronous temporal robustness is arguably more nuanced than synchronous temporal robustness, we show that control design using synchronous temporal robustness is computationally more efficient. This tradeoff can be exploited by the designer depending on the particular application at hand. We conclude the article with a variety of case studies.
1 INTRODUCTION
Time-critical systems are systems that need to satisfy stringent real-time constraints. Examples of time-critical systems include, but are not limited to, medical devices, autonomous driving, automated warehouses, and air traffic control systems. The reliability and safety of such time-critical systems greatly depend on being robust with respect to timing uncertainty. For instance, Germany’s rail network has become prone to frequent train delays, which makes scheduling and planning a difficult task [15]. It is hence natural to study temporal robustness of time-critical systems, i.e., to study a system’s ability to be robust with respect to timing uncertainty.
Temporal logics provide a principled mechanism to express a broad range of real-time constraints that can be imposed on time-critical systems [24, 30, 31, 32]. In fact, there exists a variety of temporal logics, all with their own merits, that have been explored from an analysis and control design point of view. However, the temporal robustness of systems under temporal logic specifications has not yet been studied in depth and used for control design. An initial attempt to define temporal robustness was made in [18] without, however, further analyzing properties of temporal robustness and without using it for control design. In fact, a natural objective is to design a system to be robust to previously mentioned timing uncertainties. This refers to the control design problem in which we aim to design a control law that maximizes the temporal robustness of a system. The control design problem is, however, subject to numerical challenges as the temporal robustness semantics are not differentiable so that gradient-based optimization methods are not applicable. To address this challenge, we presented a Mixed-Integer Linear Programming (MILP) encoding in our previous work [48] where we describe how to control a dynamical system in order to maximize its temporal robustness.
In this article, we introduce and analyze the notions of synchronous and asynchronous temporal robustness. While the temporal robustness as presented in [18] is similar to what we define as asynchronous temporal robustness, we provide a slightly modified definition and a detailed analysis of the synchronous and asynchronous temporal robustness. In particular, we show that these notions are sound in the sense that a positive (negative) robustness implies satisfaction (violation) of the specification in hand. Furthermore, we analyze the meaning of temporal robustness in terms of permissible time shifts in the predicates of the specification and in the underlying signal. Namely, we show that the synchronous temporal robustness represents how much the original signal can be shifted synchronously in time, i.e., when all predicates get shifted by the same amount \( \tau \); see also Figure 2. On the other hand, the asynchronous temporal robustness reflects how much the original signal can be shifted asynchronously in time, i.e., when each predicate can be shifted in time by its individual amount \( \tau _k \); see Figure 4. For both notions we present MILP encodings, following ideas of our initial work in [48], that solve the control design problem in which we aim to maximize the synchronous and asynchronous temporal robustness.
1.1 Related Work
Time-critical systems have been studied in the literature dealing with real-time systems [33, 39]. The design of task scheduling algorithms for real-time systems has been extensively studied; see, e.g., [53] for an overview. Scheduling algorithms aim at finding an execution order for a set of tasks with corresponding deadlines. Solutions consist, for instance, of periodic scheduling [52] and of event-triggered scheduling [55]. While these scheduling algorithms are useful in control design, no consideration has been given to the temporal robustness of the system. Hence, we view these works as complementary.
Another direction in the study of real-time systems is timed automata as a modeling formalism [4, 13]. Timed automata allow automatic verification using model checking tools such as UPPAAL [9]. Robustness of timed automata was investigated in [12, 25], while control of timed automata was considered in [6, 42]. A connection between the aforementioned scheduling and timed automata was made in [21].
Interestingly, timed automata have been connected to temporal logics. Particularly, it has been shown that every Metric Interval Temporal Logic (MITL) formula can be translated into a language-equivalent timed automaton [5]. This means that the satisfiability of an MITL formula can be reduced to an emptiness checking problem of a timed automaton. Signal Temporal Logic (STL) [41] is similar in spirit to MITL but additionally allows predicates to be considered instead of only propositions. It has been shown in [36] that STL formulas can be translated into a language-equivalent timed signal transducer.
Various notions of robustness have been presented for temporal logics. Spatial robustness of MITL specifications over deterministic signals was considered in [18, 20]. In particular, spatial robustness allows one to quantify the permissible uncertainty of the signal for each point in time, e.g., caused by additive disturbances. Other notions of spatial robustness are the arithmetic-geometric integral mean robustness [43] and the smooth cumulative robustness [27] as well as notions that are tailored for use in reinforcement learning applications [57]. Spatial robustness for stochastic systems was considered in [7, 8] as well as in [37] when considering the risk of violating a specification. Control of dynamical systems under STL specifications was first considered in [47] by means of an MILP encoding that allows maximizing spatial robustness. Other optimization-based methods that also follow the idea of maximizing spatial robustness have been proposed in [23, 43, 45]. Another direction has been to design transient feedback control laws that maximize the spatial robustness of fragments of STL specifications in [14, 35].
Analysis and control design for STL specifications focus mainly on spatial robustness, while less attention has been paid to temporal robustness of real-time systems. The authors in [3] proposed averaged STL that captures a form of temporal robustness by averaging over time intervals. Other forms of temporal robustness include the notion of system conformance to quantify closeness of systems in terms of spatial and temporal closeness of system trajectories [2, 17, 22]. Conformance, however, only allows reasoning about temporal robustness with respect to synchronous time shifts of a signal and not with respect to synchronous and asynchronous time shifts as considered in this work. The authors in [49, 50] propose the counting linear temporal logic as a temporal logic tailored for multi-agent systems where the satisfaction of certain elementary properties requires a minimum number of agents to be involved. The authors design control laws for such specifications where agents can implement their plans asynchronously, which can account for cases when agents pause or speed up unexpectedly. Temporal robustness of stochastic signals has been considered in [38] by using risk measures. Monitoring of STL specifications under timing uncertainty when the predicate satisfaction times are not exactly known was considered in [51]. In a similar spirit, [19] considers checking global properties from timed distributed traces with inaccurate timestamps. As remarked before, temporal robustness for STL specifications was initially presented without further analysis in [18]. Temporally robust control has been considered in [34] for special fragments of STL, and in [48] for general fragments of STL using MILP encodings. In an orthogonal direction that is worth mentioning, the authors in [29, 46] consider the problem of finding temporal relaxations for time window temporal logic specifications [58].
In our initial work [48], we present the MILP encoding of the already existing notion of temporal robustness from [18]. We also work only with discrete-time signals. In contrast to our conference work [48], in this article we introduce and analyze novel synchronous and asynchronous temporal robustness notions over both discrete and continuous-time signals. We further show how these two notions relate to each other and present the MILP encodings for both notions.
1.2 Contributions and Article Outline
When dealing with time-critical systems, a natural objective is to analyze robustness to various forms of timing uncertainties and to design a control system to maximize this robustness. We consider the temporal robust interpretation of general STL formulas over continuous- and discrete-time signals. Our goal is to establish a comprehensive theoretical framework for temporal robustness of STL specifications that has not been studied before, especially from a control design point of view. We make the following contributions:
We define synchronous and asynchronous temporal robustness for STL to quantify the robustness with respect to synchronous and asynchronous time shifts in the predicates of the underlying signal temporal logic specification.
We present various desirable properties of the presented robustness notions and show that the synchronous temporal robustness upper bounds the asynchronous temporal robustness in its absolute value. Moreover, we show under which conditions these two robustness notions are equivalent.
We then study the control design problem in which we aim to design a control law that maximizes the temporal robustness of a dynamical system. To solve this problem, we present MILP encodings following ideas of our initial work in [48]. We provide correctness guarantees and a complexity analysis of the encodings.
All theoretical results are highlighted in three case studies. Particularly, we show how the proposed MILP encodings can be used to perform temporally robust control of multi-agent systems.
The remainder of the article is organized as follows. Section 2 provides background on STL. In Section 3, the synchronous and asynchronous temporal robustness is introduced. Soundness properties of temporal robustness are presented in Section 4, while the properties with respect to time shifts are presented in Section 5. In Section 6 we present MILP encodings to solve the temporally robust control problem. Extensive simulations and case studies are presented in Section 7. Finally, we summarize with conclusions in Section 8.
2 BACKGROUND ON SIGNAL TEMPORAL LOGIC (STL)
Let \( \mathbb {R} \) and \( \mathbb {Z} \) be the set of real numbers and integers, respectively. Let \( \mathbb {R}^n \) be the n-dimensional real vector space. The supremum operator is written as \( \sqcup \) and the infimum operator is written as \( \sqcap \). We define the set \( \mathbb {B}:=\lbrace \top ,\bot \rbrace \), where \( \top \) and \( \bot \) are the Boolean constants true and false, respectively. We also define the sign function as \( \begin{equation*} \operatorname{sign}(x):={\left\lbrace \begin{array}{ll} 1,&\text{if }x\ge 0,\\ -1 &\text{if }x\lt 0. \end{array}\right.} \end{equation*} \)
In general, we say that a signal \( \mathbf {x} \) is a map \( \mathbf {x}:\mathbb {T}\rightarrow X, \) where \( \mathbb {T} \) is a time domain and where the state space X is a metric space. In this work, we particularly consider the cases of real-valued continuous-time signals which naturally include the case of discrete-time signals. In other words, the state space is \( X\subseteq \mathbb {R}^n \) and the time domain is either \( \mathbb {T}:=\mathbb {R} \) or \( \mathbb {T}:=\mathbb {Z} \). For any set \( \mathbb {T} \) we denote by \( \overline{\mathbb {T}} = \mathbb {T}\cup \lbrace \pm \infty \rbrace \); for instance, \( \overline{ \mathbb {R}}:=\mathbb {R}\cup \lbrace \pm \infty \rbrace \) and \( \overline{\mathbb {Z}}:=\mathbb {Z}\cup \lbrace \pm \infty \rbrace \) are the extended real numbers and integers, respectively. Finally, we denote the set of all signals \( \mathbf {x}: \mathbb {T}\rightarrow X \) as the signal space \( X^{\mathbb {T}} \).
2.1 Signal Temporal Logic
For a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \), let the signal state at time step t be \( x_t\in X \). Let \( \mu :X\rightarrow \mathbb {R} \) be a real-valued function and let \( p:X\rightarrow \mathbb {B} \) be a predicate defined via \( \mu \) as \( p(x) :=\mu (x) \ge 0 \). Thus, the predicate function \( \mu \) defines the set in which p holds true, namely \( \lbrace x\in X\;|\;\mu (x)\ge 0\rbrace \). Let \( AP :=\lbrace p_1,\ldots ,p_L\rbrace \) be a set of L predicates defined via the set of predicate functions \( M:=\lbrace \mu _1,\ldots ,\mu _L\rbrace \). Let I be a time interval of the form \( [a,b] \), \( [a,b) \), \( (a,b], \) or \( (a,b), \) where \( a,b\in \mathbb {T} \), \( 0 \le a \le b \). For any \( t\in \mathbb {T} \) and a time interval \( I\subseteq \mathbb {T} \), we define the set \( t+I :=\lbrace t+\tau \,|\, \tau \in I\rbrace \).
The syntax of Signal Temporal Logic (STL) is defined as follows [41]: \( \begin{equation*} \varphi ::=\top \ |\ p\ |\ \lnot \varphi \ |\ { \varphi _1} \wedge \varphi _2 \ |\ \varphi _1 {\mathcal {U}_I} \varphi _2, \end{equation*} \) where \( p\in AP \) is a predicate; \( \lnot \) and \( \wedge \) are the Boolean negation and conjunction, respectively; and \( \mathcal {U}_I \) is the Until temporal operator over an interval I. The disjunction (\( \vee \)) and implication (\( \Rightarrow \)) are defined as usual. Additionally, the temporal operators Eventually (\( \Diamond \)) and Always (\( \square \)) can be defined as \( \Diamond _I\varphi :=\top \mathcal {U}_I\varphi \) and \( \square _I\varphi :=\lnot \Diamond _I\lnot \varphi \).
Formally, the semantics of an STL formula \( \varphi \) define when a signal \( \mathbf {x} \) satisfies \( \varphi \) at time point t. We use the characteristic function \( \chi _\varphi (\mathbf {x},t) \), as defined in the sequel, to indicate when a formula is satisfied.
Definition 2.1 (Characteristic Function [18]).
The characteristic function \( \chi _{\varphi }(\mathbf {x},t): X^{\mathbb {T}}\times \mathbb {T}\rightarrow \lbrace \pm 1\rbrace \) of an STL formula \( \varphi \) relative to a signal \( \mathbf {x} \) at time t is defined recursively as \( \begin{equation} \begin{aligned}\chi _p(\mathbf {x}, t) &:=\operatorname{sign}(\mu (x_t)), \\ \chi _{\lnot \varphi }(\mathbf {x},t) &:=-\chi _ \varphi (\mathbf {x},t), \\ \chi _{ \varphi _1 \wedge \varphi _2}(\mathbf {x},t) &:=\chi _{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \chi _{ \varphi _2}(\mathbf {x},t), \\ \chi _{ \varphi _1 \mathcal {U}_I \varphi _2}(\mathbf {x},t) &:=\bigsqcup _{t^{\prime }\in t+ I} \left(\chi _{ \varphi _2}(\mathbf {x},t^{\prime }) \ \sqcap \ \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \chi _{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \right). \end{aligned} \tag{1} \end{equation} \)
When \( \chi _\varphi (\mathbf {x},t)=1 \), it holds that the signal \( \mathbf {x} \) satisfies the formula \( \varphi \) at time t, while \( \chi _\varphi (\mathbf {x},t)=-1 \) indicates that \( \mathbf {x} \) does not satisfy \( \varphi \) at time t.
While these semantics show whether or not a signal \( \mathbf {x} \) satisfies a given specification \( \varphi \) at time t, there have been various notions of robust STL semantics. These robust semantics measure how robustly the signal \( \mathbf {x} \) satisfies the formula \( \varphi \) at time t. One widely used notion analyzes how much spatial perturbation a signal can tolerate without changing the satisfaction of the formula. Such spatial robustness was presented in [20] and indicates the robustness of satisfaction with respect to point-wise changes in the value of the signal \( \mathbf {x} \) at time t, i.e., changes in \( x_t \). However, in this article we are interested in an orthogonal direction by considering temporal robustness. For a lot of systems, one should not only robustly satisfy the spatial requirements but also robustly satisfy the temporal requirements. In this article, we hence focus on timing perturbations, which we define in terms of the time shifts in the predicates \( p_k \) of the formula \( \varphi \).
3 TEMPORAL ROBUSTNESS
In this section, we introduce synchronous and asynchronous temporal robustness to measure how robustly a signal \( \mathbf {x} \) satisfies a formula \( \varphi \) at time t with respect to time shifts. In particular, these notions quantify the robustness with respect to synchronous and asynchronous time shifts in the predicates of the formula \( \varphi \). While one can argue that the asynchronous temporal robustness is a more general notion of temporal robustness, we show that the synchronous temporal robustness is easier to calculate, which is a useful property as it induces less computational complexity during control design. We also show that the synchronous temporal robustness is an upper bound to the asynchronous temporal robustness. We remark that the idea of asynchronous temporal robustness was initially presented in [18]. We provide a slightly modified definition and complement the definition with formal guarantees in Sections 4 and 5 and show how it can be used for control design in Section 6.
3.1 Synchronous Temporal Robustness
We first define the notion of left and right synchronous temporal robustness. The idea behind synchronous temporal robustness is to quantify the maximal amount of time by which we can shift the characteristic function \( \chi _\varphi (\mathbf {x}, t) \) of \( \varphi \) to the left and right, respectively, without changing the value of \( \chi _\varphi (\mathbf {x}, t) \).
Definition 3.1 (Synchronous Temporal Robustness).
The left and right synchronous temporal robustness \( \eta ^{\pm }_\varphi (\mathbf {x},t):X^{\mathbb {T}}\times \mathbb {T}\rightarrow \overline{\mathbb {T}} \) of an STL formula \( \varphi \) with respect to a signal \( \mathbf {x} \) at time t are defined as \( \begin{align} \eta ^+_\varphi (\mathbf {x},t) &:=\chi _\varphi (\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in [t,t+\tau ],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace , \tag{2} \\ \eta ^-_\varphi (\mathbf {x},t) &:=\chi _\varphi (\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in [t-\tau ,t],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace . \tag{3} \end{align} \)
For brevity, we often use the following notation to represent left or right temporal robustness:
\( \begin{equation*} \eta ^{\pm }_\varphi (\mathbf {x},t):=\chi _\varphi (\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace . \end{equation*} \)
Example 1.
Take a look at Figure 1. The signal \( \mathbf {x}:=[\mathbf {x}^{(1)},\, \mathbf {x}^{(2)}] \) presented in Figure 1(a) is finite and discrete-time; its state at each time step \( t=0,\ldots ,9 \) is \( x_t:=[x_t^{(1)},\,x_t^{(2)}]\in \mathbb {R}^2 \). Let the two predicates be \( p:=x^{(1)}_t\ge v_{\max } \) and \( q:=x^{(2)}_t\ge v_{\max } \) for some given \( v_{\max } \). The characteristic functions for the predicates p and q and the STL formulas \( \varphi _1:=p\wedge q \) and \( \varphi _2:=p\vee q \) are shown in Figure 1(b). The evolution of the left synchronous temporal robustness \( \eta ^+_\varphi (\mathbf {x},t) \), \( t=0,\ldots ,9 \) for the STL formulas \( \varphi _1 \) and \( \varphi _2 \) is presented in Figure 1(c). For instance, consider the time point \( t=0 \) and the formula \( \varphi _2 \). Since \( \chi _{\varphi _2}(\mathbf {x},0)=\chi _{\varphi _2}(\mathbf {x},1)=\chi _{\varphi _2}(\mathbf {x},2)=1 \) and \( \chi _{\varphi _2}(\mathbf {x},3)=-1 \), then by Definition 3.1 it holds that \( \eta ^+_{\varphi _2}(\mathbf {x},0)=2 \). On the other hand, for \( \varphi _1 \) and \( t=6 \), we have that \( \chi _{\varphi _1}(\mathbf {x},6)=\chi _{\varphi _1}(\mathbf {x},7)=-1\not= 1= \chi _{\varphi _1}(\mathbf {x},8) \) so that \( \eta ^+_{\varphi _1}(\mathbf {x},6)=-1 \).
Some remarks are in order. Let \( \mathbf {s} \) be a signal that is equivalent to \( \mathbf {x} \) but shifted by \( \tau \) time units to the left, i.e., \( s_t:=x_{t+\tau } \) for all \( t\in \mathbb {T} \). Then it holds that \( \chi _\varphi (\mathbf {s}, t)=\chi _\varphi (\mathbf {x}, t+\tau) \). Similarly, \( \chi _\varphi (\mathbf {s}, t)=\chi _\varphi (\mathbf {x}, t-\tau), \) where \( \mathbf {s} \) is equivalent to \( \mathbf {x} \) shifted by \( \tau \) to the right, i.e., \( s_t:=x_{t-\tau } \) for all \( t\in \mathbb {T} \). This indicates, and is later formally shown in Section 5, that the left and right synchronous temporal robustness quantify the maximal amount of time by which we can synchronously shift the signal \( \mathbf {x} \) (or alternatively each predicate in \( \varphi \)) to the left and right, respectively, without changing the value of \( \chi _\varphi (\mathbf {x}, t) \).
Fig. 1. Evolution of the (a) signal, (b) characteristic function, (c) left synchronous temporal robustness, and (d) left asynchronous temporal robustness from Example 1.
3.2 Asynchronous Temporal Robustness
While the synchronous temporal robustness quantifies the amount by which we can shift all predicates synchronously in time, the left and right asynchronous temporal robustness, which are inspired by [18] and defined next, quantify the maximal amount of time by which we can asynchronously shift individual predicates in \( \varphi \) to the left and right, respectively.
Definition 3.2 (Asynchronous Temporal Robustness (Inspired by [18])).
The left and right asynchronous temporal robustness \( \theta ^{\pm }_\varphi (\mathbf {x},t) :X^{\mathbb {T}}\times \mathbb {T}\rightarrow \overline{\mathbb {T}} \) of an STL formula \( \varphi \) with respect to a signal \( \mathbf {x} \) at time t are defined recursively starting from a predicate p as \( \begin{align} \theta ^+_p(\mathbf {x},t) &:=\chi _p(\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in [t,t+\tau ],\ \chi _p(\mathbf {x},t^{\prime })=\chi _p(\mathbf {x},t)\rbrace , \tag{4} \\ \theta ^-_p(\mathbf {x},t) &:=\chi _p(\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0\ :\ \forall t^{\prime }\in [t-\tau ,t],\ \chi _p(\mathbf {x},t^{\prime })=\chi _p(\mathbf {x},t)\rbrace , \tag{5} \end{align} \) and then applying to each \( \theta ^{\pm }_p(\mathbf {x},t) \) the recursive rules of the operators similarly to Definition 2.1, which leads to \( \begin{align} \theta ^{\pm }_{\lnot \varphi }(\mathbf {x},t) &:=-\theta ^{\pm }_ \varphi (\mathbf {x},t), \tag{6} \\ \theta ^{\pm }_{ \varphi _1 \wedge \varphi _2}(\mathbf {x},t) &:=\theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t), \tag{7} \\ \theta ^{\pm }_{ \varphi _1 \mathcal {U}_I \varphi _2}(\mathbf {x},t) &:=\bigsqcup _{t^{\prime }\in t+I} \left(\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \ \sqcap \ \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \right). \tag{8} \end{align} \)
There are two subtle differences between Definition 3.2 and temporal robustness in [18, Definition 4]. First, we use the supremum operator instead of the maximum operator in our definition. The benefit is that the supremum always exists. Second, compared with [18, Definition 4], we use the characteristic function \( \chi _p(\mathbf {x}, t) \) of a predicate p instead of the characteristic function \( \chi _ \varphi (\mathbf {x}, t) \) of a formula \( \varphi \) in the definitions of \( \theta ^+_p(\mathbf {x},t) \) and \( \theta ^-_p(\mathbf {x},t) \) in Equations (4) and (5), respectively.
Example 1 (continued).
Take a look again at the signal \( \mathbf {x} \) shown in Figure 1. The evolution of the left asynchronous temporal robustness \( \theta ^+_p(\mathbf {x},t) \), \( \theta ^+_q(\mathbf {x},t) \), \( \theta ^+_{\varphi _1}(\mathbf {x},t), \) and \( \theta ^+_{\varphi _2}(\mathbf {x},t) \) is presented in Figure 1(d). In order to estimate the left asynchronous temporal robustness for \( \varphi _1=p\wedge q \) at time point t over the given signal \( \mathbf {x} \), one must first obtain the \( \theta ^+_p(\mathbf {x}, t) \) and \( \theta ^+_q(\mathbf {x}, t) \) values and then apply the conjunction rule (Equation (7)). For instance, \( \theta ^+_{\varphi _1}(\mathbf {x},0) :=\theta ^+_{p}(\mathbf {x},0)\,\sqcap \, \theta ^+_{q}(\mathbf {x},0) = 1 \). Analogously, one could obtain that for \( \varphi _2=p\vee q \), the left asynchronous temporal robustness \( \theta ^+_{\varphi _2}(\mathbf {x},0) :=\theta ^+_{p}(\mathbf {x},0)\,\sqcup \, \theta ^+_{q}(\mathbf {x},0) = 2 \).
Note that though the asynchronous temporal robustness \( \theta ^\pm _\varphi (\mathbf {x}, t) \) is defined in a recursive manner, the synchronous temporal robustness \( \eta ^\pm _\varphi (\mathbf {x}, t) \) does not follow the recursive rules.
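The two definitions can be compared side by side on a finite discrete-time signal. The following Python sketch is an added example, not code from the article: it covers the Boolean connectives only, and the signal values, the threshold `V_MAX`, the tuple encoding of formulas and the rule that a run is cut off at the ends of the signal are assumptions, with the signal constructed so that it reproduces the values quoted for Example 1.

```python
# Formulas are nested tuples (an encoding chosen for this example):
#   ("pred", name) | ("not", f) | ("and", f, g) | ("or", f, g)


def signed_runs(chi, step):
    """For every t: chi[t] * sup{tau >= 0 : chi is constant on t + step*[0, tau]}.

    step=+1 gives the '+' variant (Eqs. (2), (4)), step=-1 the '-' variant
    (Eqs. (3), (5)). Assumption: a run ends at the first/last sample.
    """
    out = []
    n = len(chi)
    for t, c in enumerate(chi):
        tau = 0
        while 0 <= t + step * (tau + 1) < n and chi[t + step * (tau + 1)] == c:
            tau += 1
        out.append(c * tau)
    return out


def evaluate(formula, leaf):
    """Apply the rules for negation, conjunction (min) and disjunction (max)
    to the per-predicate time series in `leaf`. The same recursion serves
    Eq. (1) (leaf = chi_p) and Eqs. (6), (7) (leaf = theta_p)."""
    op = formula[0]
    if op == "pred":
        return list(leaf[formula[1]])
    if op == "not":
        return [-v for v in evaluate(formula[1], leaf)]
    if op in ("and", "or"):
        pick = min if op == "and" else max
        lhs, rhs = evaluate(formula[1], leaf), evaluate(formula[2], leaf)
        return [pick(a, b) for a, b in zip(lhs, rhs)]
    raise ValueError(f"unsupported operator: {op!r}")


def predicate_chi(signal, mu):
    """chi_p(x, t) = sign(mu_p(x_t)) with sign(0) = 1, for every predicate."""
    return {name: [1 if fn(x) >= 0 else -1 for x in signal]
            for name, fn in mu.items()}


def chi(formula, signal, mu):
    return evaluate(formula, predicate_chi(signal, mu))


def eta(formula, signal, mu, step=1):
    """Synchronous: measure the run of chi_phi itself (not recursive)."""
    return signed_runs(chi(formula, signal, mu), step)


def theta(formula, signal, mu, step=1):
    """Asynchronous: measure runs per predicate, then recurse over operators."""
    leaf = {name: signed_runs(series, step)
            for name, series in predicate_chi(signal, mu).items()}
    return evaluate(formula, leaf)


def bound_holds(formula, signal, mu, step=1):
    """Check |theta| <= |eta| at every time step of the signal."""
    return all(abs(a) <= abs(s)
               for a, s in zip(theta(formula, signal, mu, step),
                               eta(formula, signal, mu, step)))


# Constructed two-dimensional signal for t = 0..9 (not the data behind Figure 1).
V_MAX = 1.0
X1 = [1.5, 1.2, 0.4, 0.2, 0.5, 1.1, 1.6, 1.8, 1.4, 1.2]
X2 = [1.3, 1.6, 1.1, 0.6, 0.3, 0.2, 0.5, 0.8, 1.3, 1.5]
SIGNAL = list(zip(X1, X2))
MU = {"p": lambda x: x[0] - V_MAX, "q": lambda x: x[1] - V_MAX}
PHI1 = ("and", ("pred", "p"), ("pred", "q"))
PHI2 = ("or", ("pred", "p"), ("pred", "q"))

if __name__ == "__main__":
    for label, phi in (("p and q", PHI1), ("p or q", PHI2)):
        print(label, "chi   ", chi(phi, SIGNAL, MU))
        print(label, "eta+  ", eta(phi, SIGNAL, MU))
        print(label, "theta+", theta(phi, SIGNAL, MU))
        print(label, "|theta| <= |eta|:", bound_holds(phi, SIGNAL, MU))
```

On this signal the two notions agree everywhere for \( \varphi _2 \), while for \( \varphi _1 \) they differ at \( t=2 \), where the asynchronous value is \( -2 \) and the synchronous value is \( -5 \).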
4 SOUNDNESS OF TEMPORAL ROBUSTNESS FOR CONTINUOUS-TIME SIGNALS
In this section, we provide soundness results that state the relationship between the synchronous and asynchronous temporal robustness and the Boolean semantics of STL. Section 4.1 presents the main results for synchronous temporal robustness, while Section 4.2 presents analogous results for the asynchronous temporal robustness. While we provide our main results for continuous-time signals, we remark how the results simplify for discrete-time signals. The proofs of our technical results are provided in Appendix A.
4.1 Properties of Synchronous Temporal Robustness
The next theorem follows directly from Definition 3.1 and is fundamental to the correctness of our solution to the control synthesis problem defined in Section 6.
Theorem 4.1. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {T}\rightarrow X, \) and some time \( t\in \mathbb {T} \), the following results hold:
To illustrate the previous result, let us again consider Example 1.
Example 1 (continued).
Take a look at Figure 1 again and consider the formula \( \varphi _2 = p\vee q \). From Figure 1(c) one can see that \( \eta ^+_{\varphi _2}(\mathbf {x}, 0)=2\gt 0 \) so that, due to Theorem 4.1, \( \chi _\varphi (\mathbf {x},0)= 1 \) has to hold, which can indeed be verified in Figure 1(b). Note that when \( \eta ^{\pm }_\varphi (\mathbf {x},t) =0 \), we cannot determine if the formula is satisfied or violated. For instance, consider time points \( t=2 \) and \( t=4 \) in Figure 1 and note that \( \eta ^+_{\varphi _2}(\mathbf {x}, 2)=\eta ^+_{\varphi _2}(\mathbf {x}, 4)=0 \), but \( \chi _{\varphi _2}(\mathbf {x}, 2)=1 \) and \( \chi _{\varphi _2}(\mathbf {x}, 4)=-1 \).
The next result follows directly from Theorem 4.1 and represents the connection between the left and the right synchronous temporal robustness.
Corollary 4.2. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {T}\rightarrow X, \) and some time \( t\in \mathbb {T} \), the following properties hold:
Essentially, Corollary 4.2 follows from Theorem 4.1 and the first line states that a positive left (right) temporal robustness value implies a non-negative right (left) temporal robustness value.
In this article, we are interested in time shifts. As a first step, we next present a result toward understanding the connection between the synchronous temporal robustness \( \eta ^{\pm }_\varphi (\mathbf {x},t) \) and values of \( \tau \) for which \( \chi _{\varphi }(\mathbf {x},t) \) and \( \chi _{\varphi }(\mathbf {x},t+\tau) \) are the same. This result establishes an equivalence between the left (right) synchronous temporal robustness and the maximum time in the future (past) without changing the satisfaction of the formula. While this gives a first interpretation of temporal robustness, we analyze temporal robustness in terms of synchronous and asynchronous time shifts in the signal \( \mathbf {x} \) itself in detail in Section 5.
Theorem 4.3. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {R}\rightarrow X \), time \( t\in \mathbb {R}, \) and some value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), the following result holds: \( \begin{align*} |\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r\quad \Longleftrightarrow \quad &\forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \qquad \text{and}\\ & \text{if } r\lt \infty , \text{ then } \forall \epsilon \gt 0,\ \exists \tau \in [r, r+\epsilon),\ \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t). \end{align*} \)
The interpretation of Theorem 4.3 is as follows. Consider the case of finite left synchronous temporal robustness, i.e., \( \eta ^+_\varphi (\mathbf {x}, t)=r\lt \infty \). Then for all times \( t+[0, r) \), the formula satisfaction is the same; i.e., for all \( t^{\prime }\in t + [0, r) \) we have that \( \chi _\varphi (\mathbf {x}, t^{\prime })=\chi _\varphi (\mathbf {x}, t) \). Note that the interval \( [0, r) \) is right-open and that we cannot in general guarantee that \( \chi _\varphi (\mathbf {x}, t+r)=\chi _\varphi (\mathbf {x}, t) \). We can, however, guarantee that in close proximity of \( t+r \) (quantified by \( \epsilon \) in Theorem 4.3) the satisfaction \( \chi _\varphi (\mathbf {x}, t^{\prime \prime }) \) must change.
Note that the right-open interval \( [0, r) \) and the existence of \( \epsilon \) in Theorem 4.3 appear due to the \( \sup \) operator in Definition 3.1. For discrete-time signals, the interval \( [0, r) \) becomes closed and \( \epsilon \) disappears. Particularly, for the special case of a discrete-time signal \( \mathbf {x}:\mathbb {Z}\rightarrow X \) and if \( \eta ^{\pm }_\varphi (\mathbf {x}, t) \) is finite, we remark that Theorem 4.3 can instead be stated as \( \begin{equation} \begin{aligned}|\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r\quad \Longleftrightarrow \quad &\forall t^{\prime }\in t\pm [0, r],\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \qquad \text{and}\\ & \chi _{\varphi }(\mathbf {x},t \pm (r+1))\not=\chi _\varphi (\mathbf {x},t). \end{aligned} \tag{9} \end{equation} \)
The next result states that the synchronous temporal robustness \( \eta ^{\pm }_\varphi (\mathbf {x}, t) \) is a piece-wise linear function with segments either increasing with slope 1 or decreasing with slope \( -1 \), depending on \( \chi _\varphi (\mathbf {x}, t) \) and on the left or right synchronous temporal robustness.
Theorem 4.4. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {R}\rightarrow X \), time \( t\in \mathbb {R}, \) and some value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), the following result holds: \( \begin{equation*} |\eta ^{\pm }_\varphi (\mathbf {x}, t)|= r\quad \Longrightarrow \quad \forall \tau \in [0, r),\ |\eta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| = r-\tau . \end{equation*} \)
For the special case of a discrete-time signal \( \mathbf {x}:\mathbb {Z}\rightarrow X \) and if \( \eta ^{\pm }_\varphi (\mathbf {x}, t) \) is finite, we remark that Theorem 4.4 can instead be stated as (10) \( \begin{equation} |\eta ^{\pm }_\varphi (\mathbf {x}, t)|= r\quad \Longrightarrow \quad \forall \tau \in [0, r],\ |\eta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| = r-\tau . \end{equation} \)
The above result can be interpreted in the sense that the absolute value of the synchronous temporal robustness decreases proportionally with the amount of time shift \( \tau \). For instance, Figure 1(c) shows how the function \( \eta ^+_{p\wedge q}(\mathbf {x}, t) \) consists of the three linear segments: \( \begin{equation*} \eta ^+_{p\wedge q}(\mathbf {x}, t) = {\left\lbrace \begin{array}{ll} 1-t,&\text{if}\ t\in \lbrace 0,1\rbrace ,\\ t-7,&\text{if}\ t\in \lbrace 2,\ldots ,7\rbrace ,\\ 9-t,&\text{if}\ t\in \lbrace 8,9\rbrace . \end{array}\right.} \end{equation*} \)
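As an added example (not code from the article), the following Python code computes the left synchronous temporal robustness \( \eta ^+ \) of a discrete-time satisfaction sequence with a backward run-length pass and checks the discrete-time statements (9) and (10) on it. It assumes a finite horizon with time shifts counted only inside the horizon; the sequence `CHI` and all function names are constructed here, with `CHI` chosen to match the piecewise expression given above for Figure 1(c).

```python
def left_sync_robustness(chi):
    """eta^+ at every t of a finite +1/-1 satisfaction sequence chi[0..H].

    run[t] is the number of consecutive steps t' >= t with chi[t'] == chi[t];
    the robustness is the signed number of *further* steps, chi[t] * (run[t] - 1).
    """
    H = len(chi) - 1
    run = [0] * (H + 2)
    for t in range(H, -1, -1):          # count into the future, so go backwards
        same = t < H and chi[t + 1] == chi[t]
        run[t] = run[t + 1] + 1 if same else 1
    return [chi[t] * (run[t] - 1) for t in range(H + 1)]


def left_sync_robustness_bruteforce(chi, t):
    """Direct evaluation: largest tau with chi constant on [t, t + tau]."""
    tau = 0
    while t + tau + 1 < len(chi) and chi[t + tau + 1] == chi[t]:
        tau += 1
    return chi[t] * tau


def check_eq9(chi, eta):
    """Left case of (9): chi is constant on t + [0, r] and flips at t + r + 1
    (the flip is only checked when t + r + 1 lies inside the horizon)."""
    for t, e in enumerate(eta):
        r = abs(e)
        if any(chi[t + k] != chi[t] for k in range(r + 1)):
            return False
        if t + r + 1 < len(chi) and chi[t + r + 1] == chi[t]:
            return False
    return True


def check_eq10(eta):
    """Left case of (10): |eta^+(t + tau)| = r - tau for all tau in [0, r]."""
    return all(
        abs(eta[t + k]) == abs(eta[t]) - k
        for t in range(len(eta))
        for k in range(abs(eta[t]) + 1)
    )


def fig1c(t):
    """Piecewise expression for eta^+_{p and q}(x, t) quoted in the text."""
    if t in (0, 1):
        return 1 - t
    if 2 <= t <= 7:
        return t - 7
    return 9 - t


# Constructed satisfaction sequence of p AND q for t = 0..9 (assumption:
# satisfied on {0,1} and {8,9}, violated on {2,...,7}, horizon ends at t = 9).
CHI = [1, 1, -1, -1, -1, -1, -1, -1, 1, 1]

if __name__ == "__main__":
    eta = left_sync_robustness(CHI)
    print("eta^+ :", eta)
    print("matches Figure 1(c) expression:", eta == [fig1c(t) for t in range(10)])
    print("Eq. (9) holds:", check_eq9(CHI, eta), " Eq. (10) holds:", check_eq10(eta))
```

The segments with slope \( -1 \) and \( +1 \) are visible directly in the returned list: each run of equal satisfaction values counts down to zero in absolute value.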
4.2 Properties of Asynchronous Temporal Robustness
In this section, we provide similar soundness results for the asynchronous temporal robustness. Theorem 4.5 and Corollary 4.6, presented below, resemble Theorem 4.1 and Corollary 4.2 for the synchronous temporal robustness, as one would expect. However, Theorems 4.7 and 4.8, also presented below, do not directly resemble the previous Theorems 4.3 and 4.4 due to the recursive nature of the definition of the asynchronous temporal robustness. For instance, in contrast to Theorem 4.3, Theorem 4.7 only states a sufficient condition. In Theorem 4.8, compared to Theorem 4.4, we can only provide a lower bound instead of an equality.
Theorem 4.5. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {T}\rightarrow X, \) and some time \( t\in \mathbb {T} \), the following results hold:
Note that, again, the equivalence \( \theta ^{\pm }_\varphi (\mathbf {x},t) \ge 0 \Longleftrightarrow \chi _\varphi (\mathbf {x},t)= +1 \) does not hold.\( ^5 \) In other words, when \( \theta ^{\pm }_\varphi (\mathbf {x},t) =0, \) we cannot determine if the formula is satisfied or violated. The next result is a straightforward corollary from Theorem 4.5.
Corollary 4.6. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {T}\rightarrow X, \) and some time \( t\in \mathbb {T} \), the following results represent the connections between the left and the right asynchronous temporal robustness:
Similarly to the previous section and Theorem 4.3 that was stated for synchronous temporal robustness, we now analyze the connection between the asynchronous temporal robustness \( \theta ^{\pm }_\varphi (\mathbf {x},t) \) and values of \( \tau \) for which \( \chi _{\varphi }(\mathbf {x},t) \) and \( \chi _{\varphi }(\mathbf {x},t+\tau) \) are the same.
Theorem 4.7. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {R}\rightarrow X \), time \( t\in \mathbb {R}, \) and some value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), the following result holds: \( \begin{equation*} |\theta ^{\pm }_\varphi (\mathbf {x},t)| = r\quad \Longrightarrow \quad \forall t^{\prime }\in t \pm \,[0,r),\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t). \end{equation*} \)
Note that Theorem 4.7 only provides a sufficient condition, unlike Theorem 4.3. In other words, due to the recursive definition of the asynchronous temporal robustness, one cannot guarantee the existence of the time shift that would change the formula satisfaction as in the second line of Theorem 4.3. For instance, in Figure 1, one could get that \( \theta ^+_{p\vee q}(\mathbf {x},5)=1 \) but \( \chi _{p\vee q}(\mathbf {x},5)=\cdots =\chi _{p\vee q}(\mathbf {x},9)=1 \). For the special case of a discrete-time signal \( \mathbf {x}:\mathbb {Z}\rightarrow X \) and if \( \theta ^{\pm }_\varphi (\mathbf {x}, t) \) is finite, we remark that Theorem 4.7 can instead be stated as (11) \( \begin{equation} |\theta ^{\pm }_\varphi (\mathbf {x}, t)|=r\quad \Longrightarrow \quad \forall t^{\prime }\in t \pm \,[0,r],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t). \end{equation} \)
We next show how the asynchronous temporal robustness changes with time.
Theorem 4.8. For an STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {R}\rightarrow X \), time \( t\in \mathbb {R}, \) and some value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), the following result holds: \( \begin{equation*} |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\quad \Longrightarrow \quad \forall \tau \in [0, r),\ |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| \ge r-\tau . \end{equation*} \)
Note that, compared to Theorem 4.4, no equality can be stated on the right side of the implication operator. One cannot guarantee the steady increase or decrease of the asynchronous temporal robustness in time and obtain an exact value of the shifted temporal robustness. In fact, one can only provide a lower bound on its value. For the special case of a discrete-time signal \( \mathbf {x}:\mathbb {Z}\rightarrow X \) and if \( \theta ^{\pm }_\varphi (\mathbf {x}, t) \) is finite, we remark that Theorem 4.8 can instead be stated as (12) \( \begin{equation} |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\quad \Longrightarrow \quad \forall \tau \in [0, r],\ |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| \ge r-\tau . \end{equation} \)
4.3 The Relationship between Synchronous and Asynchronous Temporal Robustness
Until now we have not yet established the precise relationship between the two notions of temporal robustness and how they relate to each other. The properties specified in the previous Sections 4.1 and 4.2 suggest some similarities and differences between these temporal robustness notions. For instance, it is easy to see from Definitions 3.1 and 3.2 that for the simple case of the specification \( \varphi \) being a predicate p the two notions are equal to each other.
\( \theta ^{\pm }_p(\mathbf {x},t)=\eta ^{\pm }_p(\mathbf {x},t) \) for any \( t\in \mathbb {T} \) and any \( \mathbf {x}:\mathbb {T}\rightarrow X \).
The following theorem shows that the asynchronous temporal robustness is upper bounded by the synchronous temporal robustness value.
Theorem 4.10. Given an STL formula \( \varphi \) and a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \), then for any \( t\in \mathbb {T} \), the following inequality holds: \( \begin{equation*} |\theta ^{\pm }_\varphi (\mathbf {x},t) | \le |\eta ^{\pm }_\varphi (\mathbf {x},t)|. \end{equation*} \)
Essentially, Theorem 4.10 states that the asynchronous temporal robustness is upper bounded by the synchronous temporal robustness. Together with the soundness Theorems 4.1 and 4.5, the following holds: \( \begin{align*} \chi _{ \varphi }(\mathbf {x},t)=+1 \;\;\; \Rightarrow \;\;\; 0\le \theta ^{\pm }_\varphi (\mathbf {x},t) \le \eta ^{\pm }_\varphi (\mathbf {x},t),\\ \chi _{ \varphi }(\mathbf {x},t)=-1 \;\;\; \Rightarrow \;\;\; \eta ^{\pm }_\varphi (\mathbf {x},t)\le \theta ^{\pm }_\varphi (\mathbf {x},t) \le 0. \end{align*} \)
As Example 1 suggests, the above inequalities are often strict. At this point, one may ask when equality holds. In fact, there are fragments of STL for which equality indeed holds. These STL fragments include formulas in Negation Normal Form [20], i.e., negations only occur in front of predicates and the only other allowed operators are either the conjunction and always operators, denoted by \( \varphi \in \text{STL}^{\!+}(\wedge ,\square _I) \), or the disjunction and eventually operators, denoted by \( \varphi \in \text{STL}^{\!+}(\vee ,\Diamond _I) \). For the former STL fragment, the following holds.
Consider a formula \( \varphi \in \text{STL}^{\!+}(\wedge ,\square _I) \) and a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \); then for any \( t\in \mathbb {T} \) such that \( \chi _\varphi (\mathbf {x},t)=1 \) it follows that \( \eta ^{\pm }_\varphi (\mathbf {x},t)=\theta ^{\pm }_\varphi (\mathbf {x},t) \).
For \( \varphi \in \text{STL}^{\!+}(\vee ,\Diamond _I) \), we can obtain a similar result as follows.
Consider a formula \( \varphi \in \text{STL}^{\!+}(\vee ,\Diamond _I) \) and a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \); then for any \( t\in \mathbb {T} \) such that \( \chi _\varphi (\mathbf {x},t)=-1 \) it follows that \( \eta ^{\pm }_\varphi (\mathbf {x},t)=\theta ^{\pm }_\varphi (\mathbf {x},t) \).
5 ROBUSTNESS OF CONTINUOUS-TIME SIGNALS WITH RESPECT TO TIME SHIFTS
So far, we have analyzed the connection between synchronous and asynchronous temporal robustness \( \eta ^{\pm }_\varphi (\mathbf {x}, t) \) and \( \theta ^{\pm }_\varphi (\mathbf {x}, t) \) and the satisfaction \( \chi _\varphi (\mathbf {x},t) \) of an STL formula \( \varphi \). In this section, we quantify the permissible synchronous and asynchronous time shifts in the signal \( \mathbf {x} \) that do not lead to a change in the satisfaction of the formula. By Definition 2.1, the satisfaction \( \chi _\varphi (\mathbf {x},t) \) of a formula \( \varphi \) is recursively defined through the characteristic functions \( \chi _{p_k}(\mathbf {x},t) \) of each predicate \( p_k\in AP \) contained in \( \varphi \). Therefore, from a satisfaction point of view, one could think about the permissible time shifts in terms of shifting the predicates via the characteristic function \( \chi _{p_k}(\mathbf {x},t) \) in time, either synchronously (all \( p_k \) together) or asynchronously (each \( p_k \) independently).
5.1 Synchronous Temporal Robustness
We start with the properties of the synchronous temporal robustness and, therefore, first define the notion of synchronous \( \tau \)-early and synchronous \( \tau \)-late signals.
Definition 5.1 (Synchronously Shifted Early and Late Signals).
Let \( \mathbf {x}\in X^{\mathbb {T}} \) be a signal, AP be a given set of predicates, and \( \tau \in \mathbb {T}_{\ge 0} \). Then
the signal \( \mathbf {x}^{\leftarrow \tau } \) is called a synchronous \( \tau \)-early signal if (13) \( \begin{equation} \forall p_k\in AP,\ \forall t\in \mathbb {T}, \quad \chi _{p_k}(\mathbf {x}^{\leftarrow \tau }, t)= \chi _{p_k}(\mathbf {x}, t+\tau); \end{equation} \)
the signal \( \mathbf {x}^{\rightarrow \tau } \) is called a synchronous \( \tau \)-late signal if (14) \( \begin{equation} \forall p_k\in AP,\ \forall t\in \mathbb {T},\quad \chi _{p_k}(\mathbf {x}^{\rightarrow \tau }, t)= \chi _{p_k}(\mathbf {x}, t-\tau). \end{equation} \)
Figure 2 presents an example to illustrate the notion of a synchronous \( \tau \)-early signal. Figure 2(a) depicts an initial signal \( \mathbf {x}:=(\mathbf {x}_{(1)},\, \mathbf {x}_{(2)}) \). Assume that the formula of interest \( \varphi \) is built upon three predicates, i.e., \( AP:=\lbrace p_1,p_2,p_3\rbrace \), where \( p_1:=\mathbf {x}_{(1)} \ge 0 \), \( p_2 :=\mathbf {x}_{(2)}-\alpha \ge 0, \) and \( p_3 :=\mathbf {x}_{(2)} \ge 0 \), for \( \alpha \gt 0 \) as shown in Figures 2(a) and (d). Figure 2(b) shows the evolution of these three predicates \( p_1 \), \( p_2 \), and \( p_3 \) through their characteristic function \( \chi _{p_k}(\mathbf {x}, t) \) for all \( t\in \mathbb {T} \) where \( k\in \lbrace 1,2,3\rbrace \). By synchronously shifting all three characteristic functions \( \chi _{p_k}(\mathbf {x}, t) \), \( \forall t\in \mathbb {T} \) to the left by \( \tau \), we obtain \( \chi _{p_k}(\mathbf {x}, t+\tau) \), \( \forall t\in \mathbb {T} \), which are depicted in Figure 2(c). Figure 2(d) then shows one example of a signal \( \mathbf {x}^{\leftarrow \tau } \) that is a synchronous \( \tau \)-early signal due to Equation (13), as the three synchronously shifted predicates in Figure 2(c) correspond to the predicates of \( \mathbf {x}^{\leftarrow \tau } \). We remark that there exist several synchronous \( \tau \)-early signals \( \mathbf {x}^{\leftarrow \tau } \); i.e., the signal \( \mathbf {x}^{\leftarrow \tau } \) is not unique. Note that although the two coordinates of the signal \( \mathbf {x}^{\leftarrow \tau } \) in Figure 2(d) have a different shape compared to the original signal \( \mathbf {x} \) in Figure 2(a), it holds that the signal \( \mathbf {x}^{\leftarrow \tau } \) is indeed a synchronous \( \tau \)-early signal since Equation (13) is satisfied; i.e., the predicate signals are shifted synchronously as seen in Figures 2(b) and 2(c).
Fig. 2. Synchronous \( \tau \)-early signal. (a) Signal \( \mathbf {x}:=(\mathbf {x}_{(1)},\, \mathbf {x}_{(2)}) \). (b) Evolution of the predicates \( p_1:=\mathbf {x}_{(1)} \ge 0 \), \( p_2 :=\mathbf {x}_{(2)}-\alpha \ge 0 \) for given \( \alpha \gt 0 \) and \( p_3 :=\mathbf {x}_{(2)} \ge 0 \) over signal \( \mathbf {x} \) through their characteristic function \( \chi _{p_k}(\mathbf {x}, t) \), \( \forall t\in \mathbb {T} \), where \( k\in \lbrace 1,2,3\rbrace \). (c) Evolution of predicates \( p_1 \), \( p_2 \), and \( p_3 \) over signal \( \mathbf {x}^{\leftarrow \tau } \) through their characteristic functions \( \chi _{p_k}(\mathbf {x}^{\leftarrow \tau }, t), \) which are equal to the characteristic functions \( \chi _{p_k}(\mathbf {x}, t) \) synchronously shifted to the left in time by \( \tau \) for all \( k\in \lbrace 1,2,3\rbrace \) and \( \forall t\in \mathbb {T} \). (d) Synchronous \( \tau \)-early signal \( \mathbf {x}^{\leftarrow \tau } \).
Remark 5.1. If \( \mathbf {s} \) is defined as \( s_t:=x_{t \pm \tau } \), i.e., we shift the entire signal \( \mathbf {x} \) by \( \tau \), then for all \( p_k\in AP \) and all \( t\in \mathbb {T} \) we have that \( \chi _{p_k}(\mathbf {s}, t)= \chi _{p_k}(\mathbf {x}, t\pm \tau) \); i.e., \( \mathbf {s}=\mathbf {x}^{\leftrightarrows \tau } \) is a synchronous \( \tau \)-early/late signal.
The next result follows by Definitions 2.1 and 5.1.
Corollary 5.2. For an STL formula \( \varphi \) built upon the predicate set AP, some \( \tau \in \mathbb {T}_{\ge 0} \), and signal \( \mathbf {x}:\mathbb {T}\rightarrow X \) it holds that \( \forall t\in \mathbb {T} \), \( \begin{equation*} \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)=\chi _\varphi (\mathbf {x}, t\pm \tau). \end{equation*} \)
Note that Corollary 5.2 is only a sufficient but not a necessary condition in the sense that there may exist signals \( \mathbf {s}\not=\mathbf {x}^{\leftrightarrows \tau } \) for which \( \chi _\varphi (\mathbf {s}, t)=\chi _\varphi (\mathbf {x}, t \pm \tau) \). For example, Figure 3(a) shows the characteristic function for the predicates p and q and the formula \( p\vee q \) over a signal \( \mathbf {x} \). Figure 3(b) shows the same functions but over another signal \( \mathbf {s} \). One can see that \( \forall t\in \mathbb {T} \), \( \chi _{p\vee q}(\mathbf {s}, t)=\chi _{p\vee q}(\mathbf {x}, t+1) \) but \( \mathbf {s}\not=\mathbf {x}^{\leftarrow 1} \). This is so because \( \chi _{p}(\mathbf {s}, t)=\chi _{p}(\mathbf {x}, t) \) and \( \chi _{q}(\mathbf {s}, t)=\chi _{q}(\mathbf {x}, t+2) \); therefore, Equation (13) is not satisfied.
Fig. 3. Predicates p and q and formula \( p\vee q \) satisfaction over (a) signal \( \mathbf {x} \) and (b) signal \( \mathbf {s} \). One can see that \( \forall t\in \mathbb {T} \), \( \chi _{p\vee q}(\mathbf {s}, t)=\chi _{p\vee q}(\mathbf {x}, t+1) \) but \( \mathbf {s}\not=\mathbf {x}^{\leftarrow 1} \).
We are now ready to state the main result that establishes a connection between the synchronous temporal robustness \( \eta ^\pm _\varphi (\mathbf {x}, t) \) and the permissible time shifts \( \tau \) via \( \mathbf {x}^{\leftrightarrows {\tau }} \). We note that the proofs of all technical results presented in this section are provided in Appendix B.
Theorem 5.3. Let \( \varphi \) be an STL formula built upon the predicate set AP and \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a signal. For any time \( t\in \mathbb {R} \) and \( r\in \overline{ \mathbb {R}}_{\ge 0} \), it holds that \( \begin{align*} |\eta ^\pm _\varphi (\mathbf {x}, t)|=r\quad \Longleftrightarrow \quad &\forall \tau \in [0,r),\ \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)=\chi _\varphi (\mathbf {x}, t) \qquad \text{and}\\ &\text{if } r\lt \infty , \text{ then } \forall \epsilon \gt 0,\ \exists \tau \in [r, r+\epsilon),\ \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)\not=\chi _\varphi (\mathbf {x}, t). \end{align*} \)
Note particularly that the previous result closely resembles Theorem 4.3. For the special case of a discrete-time signal \( \mathbf {x}:\mathbb {Z}\rightarrow X \) and if \( \eta ^{\pm }_\varphi (\mathbf {x}, t) \) is finite, we remark that Theorem 5.3 can instead be stated as (15) \( \begin{equation} \begin{aligned}|\eta ^\pm _\varphi (\mathbf {x}, t)|=r\quad \Longleftrightarrow \quad &\forall \tau \in [0,r],\ \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)=\chi _\varphi (\mathbf {x}, t) \qquad \text{and}\\ & \chi _\varphi (\mathbf {x}^{\leftrightarrows r+1}, t)\not=\chi _\varphi (\mathbf {x}, t). \end{aligned} \end{equation} \)
5.2 Asynchronous Temporal Robustness
Let us now continue by analyzing the asynchronous temporal robustness and first define the notion of asynchronous \( \bar{\tau } \)-early and asynchronous \( \bar{\tau } \)-late signals.
Definition 5.2 (Asynchronously Shifted Signal).
Let \( \mathbf {x}\in X^{\mathbb {T}} \) be a signal, \( AP:=\lbrace p_1,\ldots ,p_L\rbrace \) be a given set of predicates, and \( \tau _1,\ldots ,\tau _L\in \mathbb {T}_{\ge 0} \). Denote \( \bar{\tau }:=(\tau _1,\ldots ,\tau _L) \). Then
the signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \) is called an asynchronous \( \mathbf {\bar{\tau }} \)-early signal if (16) \( \begin{equation} \forall p_k\in AP,\ \forall t\in \mathbb {T},\quad \chi _{p_k}(\mathbf {x}^{\leftarrow \bar{\tau }}, t)= \chi _{p_k}(\mathbf {x}, t+\tau _k); \end{equation} \)
the signal \( \mathbf {x}^{\rightarrow \bar{\tau }} \) is called an asynchronous \( \mathbf {\bar{\tau }} \)-late signal if (17) \( \begin{equation} \forall p_k\in AP,\ \forall t\in \mathbb {T},\quad \chi _{p_k}(\mathbf {x}^{\rightarrow \bar{\tau }}, t)= \chi _{p_k}(\mathbf {x}, t-\tau _k). \end{equation} \)
Figure 4 presents an example to illustrate the notion of an asynchronous \( \bar{\tau } \)-early signal. Similar to Figure 2, Figures 4(a) and 4(b) show the evolution of a signal \( \mathbf {x} \) and the same three predicates of interest over this signal, respectively. In Figure 4(c) one can see each predicate \( p_k \) being asynchronously shifted to the left by an individual \( \tau _k \), where \( k\in \lbrace 1,2,3\rbrace \). Figure 4(d) shows one example of an asynchronous \( \bar{\tau } \)-early signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \) as the three asynchronously shifted predicates in Figure 4(c) correspond to the predicates of \( \mathbf {x}^{\leftarrow \bar{\tau }} \); see Equation (16). Analogous to the synchronous case, the asynchronous \( \bar{\tau } \)-early signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \) is not unique. Even though the two coordinates of the original signal \( \mathbf {x} \) in Figure 4(a) have a different shape compared to the signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \) in Figure 4(d), the signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \) is indeed an asynchronous \( \bar{\tau } \)-early signal since Equation (16) is satisfied; i.e., each predicate is shifted asynchronously by its individual amount \( \tau _k \), as seen in Figure 4(c).
Fig. 4. Asynchronous \( \bar{\tau } \)-early signal. (a) Signal \( \mathbf {x}:=(\mathbf {x}_{(1)},\, \mathbf {x}_{(2)}) \). (b) Evolution of the predicates \( p_1:=\mathbf {x}_{(1)} \ge 0 \), \( p_2 :=\mathbf {x}_{(2)}-\alpha \ge 0 \) for given \( \alpha \gt 0 \) and \( p_3 :=\mathbf {x}_{(2)} \ge 0 \) over signal \( \mathbf {x} \) through their characteristic function \( \chi _{p_k}(\mathbf {x}, t) \), \( \forall t\in \mathbb {T} \), where \( k\in \lbrace 1,2,3\rbrace \). (c) Evolution of predicates \( p_1 \), \( p_2 \), and \( p_3 \) over the signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \), \( \bar{\tau }:=(\tau _1, \tau _2, \tau _3) \) through their characteristic functions \( \chi _{p_k}(\mathbf {x}^{\leftarrow \bar{\tau }}, t), \) which are equal to the characteristic functions \( \chi _{p_k}(\mathbf {x}, t) \) asynchronously shifted in time by \( \tau _k \) for each \( k\in \lbrace 1,2,3\rbrace \) and \( \forall t\in \mathbb {T} \). (d) Asynchronous \( \bar{\tau } \)-early signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \).
Note particularly that the above Definition 5.2 allows us to shift the characteristic function \( \chi _{p_k}(\mathbf {x}, t+\tau _k) \) of each predicate \( p_k \) individually (and hence asynchronously) via \( \tau _k \). This is in contrast to Definition 5.1, where we shift the characteristic function \( \chi _{p_k}(\mathbf {x}, t+\tau) \) of each predicate \( p_k \) by the same amount (and hence synchronously) via \( \tau \). We are now ready to state the main result that establishes a connection between the asynchronous temporal robustness \( \theta ^\pm _\varphi (\mathbf {x}, t) \) and the permissible time shifts \( \bar{\tau } \) in the predicates via \( \mathbf {x}^{\leftrightarrows \bar{\tau }} \).
Theorem 5.4. Let \( \varphi \) be an STL formula built upon the predicate set \( AP:=\lbrace p_1,\ldots ,p_L\rbrace \) and \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a signal. For any time \( t\in \mathbb {R} \) and \( r\in \overline{ \mathbb {R}}_{\ge 0} \), it holds that \( \begin{equation*} |\theta ^{\pm }_{\varphi }(\mathbf {x}, t)|=r\quad \Longrightarrow \quad \forall \tau _1,\ldots ,\tau _L\in [0, r),\quad \chi _\varphi (\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=\chi _\varphi (\mathbf {x}, t), \end{equation*} \) where \( \bar{\tau }:=(\tau _1,\ldots ,\tau _L) \).
Note that Theorem 5.4 only provides a sufficient condition, unlike Theorem 5.3. In other words, due to the recursive definition of the asynchronous temporal robustness, one cannot guarantee the existence of the time shift that would change the formula satisfaction as in the second line of Theorem 5.3. For the special case of a discrete-time signal \( \mathbf {x}:\mathbb {Z}\rightarrow X \) and if \( \theta ^{\pm }_\varphi (\mathbf {x}, t) \) is finite, we remark that Theorem 5.4 can instead be stated as (18) \( \begin{equation} |\theta ^{\pm }_{\varphi }(\mathbf {x}, t)|=r\quad \Longrightarrow \quad \forall \tau _1,\ldots ,\tau _L\in [0, r],\quad \chi _\varphi (\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=\chi _\varphi (\mathbf {x}, t). \end{equation} \)
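The following Python code is an added example (not from the article) that brute-forces the permissible early shifts of Definitions 5.1 and 5.2 for discrete-time predicates. By (15) the synchronous margin it returns equals \( |\eta ^+_\varphi (\mathbf {x}, t)| \) when finite, while by (18) the asynchronous margin is only guaranteed to be at least \( |\theta ^+_\varphi (\mathbf {x}, t)| \); the predicate sequences, the tuple encoding of formulas, and all function names are constructed for illustration.

```python
from itertools import product


def pred(true_times):
    """chi_p(x, .) on Z for a predicate that holds exactly on true_times."""
    held = frozenset(true_times)
    return lambda t: 1 if t in held else -1


def early(preds, taus):
    """Predicates of an early signal: chi_pk(x^{<-tau}, t) = chi_pk(x, t + tau_k)."""
    return {k: (lambda t, f=f, d=taus[k]: f(t + d)) for k, f in preds.items()}


def chi(phi, preds, t):
    """Satisfaction (+1/-1) at time t of a formula given as nested tuples."""
    op = phi[0]
    if op == "pred":
        return preds[phi[1]](t)
    if op == "not":
        return -chi(phi[1], preds, t)
    if op in ("and", "or"):
        pick = min if op == "and" else max
        return pick(chi(phi[1], preds, t), chi(phi[2], preds, t))
    if op in ("G", "F"):                 # always / eventually over [a, b]
        _, a, b, sub = phi
        pick = min if op == "G" else max
        return pick(chi(sub, preds, t + k) for k in range(a, b + 1))
    raise ValueError(f"unknown operator {op!r}")


def sync_margin(phi, preds, t, cap=20):
    """Largest r <= cap with chi_phi(x^{<-tau}, t) = chi_phi(x, t) for all tau in [0, r]."""
    base, r = chi(phi, preds, t), 0
    while r < cap and chi(phi, early(preds, dict.fromkeys(preds, r + 1)), t) == base:
        r += 1
    return r


def async_margin(phi, preds, t, cap=20):
    """Largest r <= cap such that every (tau_1..tau_L) in [0, r]^L keeps chi_phi at t."""
    base, names, r = chi(phi, preds, t), sorted(preds), 0
    while r < cap:
        grid = product(range(r + 2), repeat=len(names))
        if any(chi(phi, early(preds, dict(zip(names, taus))), t) != base for taus in grid):
            break
        r += 1
    return r


P, Q = ("pred", "p"), ("pred", "q")
PHI_OR = ("or", P, Q)                    # p OR q
PHI_AND = ("and", ("G", 0, 1, P), Q)     # (always_[0,1] p) AND q

# Constructed predicate sequences (assumptions, not data from the article).
X_OR = {"p": pred(range(0, 4)), "q": pred(range(4, 8))}
X_AND = {"p": pred(range(0, 6)), "q": pred(range(0, 5))}


def formula_shift_without_sync_shift():
    """Constructed analogue of the Figure 3 remark: s matches x shifted by 1 at
    the formula level although only q was shifted (by 2), so s is not x^{<-1}."""
    x = {"p": pred(range(0, 6)), "q": pred(range(1, 7))}
    s = early(x, {"p": 0, "q": 2})
    window = range(-5, 12)
    same_formula = all(chi(PHI_OR, s, t) == chi(PHI_OR, x, t + 1) for t in window)
    is_sync_1_early = all(s[k](t) == x[k](t + 1) for k in x for t in window)
    return same_formula, is_sync_1_early


if __name__ == "__main__":
    print("p OR q    :", sync_margin(PHI_OR, X_OR, 0), async_margin(PHI_OR, X_OR, 0))
    print("G p AND q :", sync_margin(PHI_AND, X_AND, 0), async_margin(PHI_AND, X_AND, 0))
    print("formula-level shift only:", formula_shift_without_sync_shift())
```

For the disjunction the asynchronous margin (3) is strictly smaller than the synchronous one (7), whereas for the satisfied conjunction/always formula both margins coincide (4).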
The definitions of asynchronous \( \bar{\tau } \)-early and asynchronous \( \bar{\tau } \)-late signals together with Theorem 5.4 quantify the permissible time shift \( \bar{\tau } \) in terms of how much each predicate \( p_k \) in \( \varphi \) can be shifted via the characteristic function \( \chi _{p_k}(\mathbf {x},t\pm \tau _k) \). Let us next analyze under which conditions these time shifts directly correlate with time shifts in the underlying signal \( \mathbf {x} \). Consider a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \) with its state \( x_t:=(x^{(1)}_{t},\ldots ,x^{(n)}_{t})\in \mathbb {R}^n \). We will use \( \kappa \) to denote time shifts in the elements of \( x_t \), in contrast to \( \tau \) for the time shifts in the predicates. First, note that if all elements \( x^{(i)}_{t} \) of the signal \( \mathbf {x} \) are shifted in time by the same amount \( \kappa \), i.e., \( s^{(i)}_t:=x^{(i)}_{t \pm \kappa } \), \( \forall i\in \lbrace 1,\ldots ,n\rbrace \), then due to Remark 5.1 we have that \( \mathbf {s} \) is an asynchronous \( \bar{\tau } \)-early/late signal,\( ^6 \) i.e., \( \mathbf {s}=\mathbf {x}^{\leftrightarrows \bar{\tau }} \) for \( \bar{\tau }=(\kappa ,\ldots ,\kappa) \). In contrast, if time shifts are different across different elements of the state, the following may apply.
If the signal \( \mathbf {s} \) is defined as \( s_t:=(x^{(1)}_{t \pm \kappa _1},\ldots ,x^{(n)}_{t \pm \kappa _n}) \), i.e., each element \( x_t^{(i)} \) of \( x_t \) is shifted individually by \( \kappa _i \), then there might not exist any \( \bar{\tau }:=(\tau _1,\ldots ,\tau _L) \) such that \( \mathbf {s}=\mathbf {x}^{\leftrightarrows \bar{\tau }} \). In other words, the signal \( \mathbf {s} \) might not be an asynchronous \( \bar{\tau } \)-early/late signal.
Next we consider a specific example that will help us understand under what conditions asynchronously shifting the elements of the state in time leads to asynchronous early or late signals.
Consider three drones that are, for simplicity, assumed to only move in the vertical direction. The state of each drone d is \( x^{(d)} :=(z^{(d)}, v^{(d)})\in \mathbb {R}^2 \) and comprises altitude and velocity. We define the signal state as \( x :=(x^{(1)}, x^{(2)}, x^{(3)}) \in \mathbb {R}^{6} \). Assume that we allow time shifts only across the full state of each drone \( x^{(d)} \); i.e., different drones can be shifted in time differently, but the altitude and velocity of each drone d are shifted in time by the same amount \( \kappa _d \). Formally, such a shifted signal \( \mathbf {s} \) can be defined as follows: \( \begin{equation*} s_t :=\left(s^{(1)}_t,\, s^{(2)}_t,\, s^{(3)}_t\right)= \left(x^{(1)}_{t+\kappa _1},\, x^{(2)}_{t+\kappa _2},\, x^{(3)}_{t+\kappa _3}\right)\!. \end{equation*} \) Also assume that predicates are defined over separate drones only. In this case, any predicate \( p_k\in AP :=\lbrace p_1,\ldots ,p_L\rbrace \) that is defined over a drone d can be represented as \( \mu _k(x_t):=\nu _k(x^{(d)}_t) \), where \( \nu _k \) is some real-valued function. Therefore, the following holds for the predicate \( p_k \): \( \begin{align*} \chi _{p_k}(\mathbf {s}, t)\overset{\text{def}~2.1}{:=} \operatorname{sign}\mu _k(s_t)= &\operatorname{sign}\nu _k(s^{(d)}_t) \\ = &\operatorname{sign}\nu _k(x^{(d)}_{t+\kappa _d}) =\operatorname{sign}\mu _k(x_{t+\kappa _d}) = \chi _{p_k}(\mathbf {x}, t+\kappa _d). \end{align*} \)
Consequently, it holds that \( \mathbf {s}= \mathbf {x}^{\leftarrow \bar{\tau }} \), where \( \bar{\tau }=(\tau _1,\ldots , \tau _L) \) and each \( \tau _k\in \lbrace \kappa _1, \kappa _2, \kappa _3\rbrace \). By applying Theorem 5.4, we can conclude that for all \( \kappa _1,\kappa _2,\kappa _3 \in [0, r) \) it holds that \( \chi _\varphi (\mathbf {s},t)=\chi _\varphi (\mathbf {x},t) \) if \( |\theta ^+_{\varphi }(\mathbf {x}, t)|=r \). This means that, as long as within each drone the elements of the state are shifted in time by the same amount, different drones can be shifted in time by different amounts up to \( |\theta ^+_{\varphi }(\mathbf {x}, t)| \), while formula satisfaction will not change.
We now formally state the result that establishes when asynchronously shifting the elements of the state in time leads to asynchronous early or late signals. Let us therefore consider that the signal \( \mathbf {x} \) is defined as \( x_t:=(\zeta ^{(1)}_t,\ldots ,\zeta ^{(c)}_t), \) where c is the number of groups in which \( x_t \) is clustered. For \( d\in \lbrace 1,\ldots ,c\rbrace \), let us define the state as \( \zeta ^{(d)}_t:=(x^{(d_1)}_t,\ldots ,x^{(d_m)}_t) \) for dimensions \( d_1,\dots ,d_m \).
Assume that every predicate \( p_k\in AP:=\lbrace p_1,\ldots ,p_L\rbrace \) in \( \varphi \) is defined over only a single \( \zeta ^{(d)} \) for some d, i.e., \( \exists d\in \lbrace 1,\ldots ,c\rbrace , \) and a real-valued function \( \nu _k \), such that \( p_k :=\nu _k(\zeta ^{(d)}_t)\ge 0 \). If \( \mathbf {s} \) is defined as \( s_t:=(\zeta ^{(1)}_{t \pm \kappa _1}, \ldots , \zeta ^{(c)}_{t\pm \kappa _c}) \), i.e., each \( \zeta ^{(d)} \) is shifted by a different amount \( \kappa _d \), then \( \mathbf {s}=\mathbf {x}^{\leftrightarrows \bar{\tau }} \); i.e., \( \mathbf {s} \) is an asynchronous \( \bar{\tau } \)-early/late signal, where \( \bar{\tau } :=(\tau _1,\ldots ,\tau _L) \) and each \( \tau _k\in \lbrace \kappa _1,\ldots ,\kappa _c\rbrace \).
6 TEMPORALLY ROBUST STL CONTROL SYNTHESIS
As mentioned before, in time-critical systems one is interested not only in satisfying an STL formula but also in satisfying the formula robustly in terms of temporal robustness. In this section, our goal is to design control laws that maximize the temporal robustness of a dynamical system. We refer to this problem as the temporally robust control synthesis problem and consider in the remainder discrete-time dynamical systems.
6.1 Problem Formulation
Consider a discrete-time, linear control system (19) \( \begin{equation} x_{t+1} :=A x_t + Bu_t, \;\;\; x_0\in X_0, \end{equation} \) where \( x_t\in X\subseteq \mathbb {R}^n \) and \( u_t\in U\subseteq \mathbb {R}^m \) are the state and control input of a linear dynamical system, respectively, where X and U are the workspace and the set of permissible control inputs. We assume that sets X and U can be represented as a set of MILP constraints, e.g., when X and U are polytopes. Let the system have an initial condition \( x_0 \) from the set \( X_0 \). Let A and B be the system matrices of appropriate dimensions. Before defining the temporally robust control synthesis problem, we make two assumptions on the STL formula \( \varphi \). First, we assume that \( \varphi \) is built from linear predicate functions; i.e., \( \mu (x_t) \) is a linear function of the state. Second, we assume that \( \varphi \) is bounded-time with formula length \( {\it len}(\varphi) \). For the definition of the formula length, we refer the reader to [47].
Problem 1 (Temporally Robust Control Synthesis).
Given an STL specification \( \varphi \), a temporal robustness of interest \( \vartheta \in \lbrace \theta ^+_\varphi , \theta ^-_\varphi , \eta ^+_\varphi ,\eta ^-_\varphi \rbrace \), a time horizon \( H\ge \text{len}(\varphi) \), a discrete-time control system as in Equation (19), and a desired lower bound \( \vartheta ^*\gt 0 \) on the temporal robustness \( \vartheta \), solve (20) \( \begin{equation} \begin{aligned}\mathbf {u}^*= &\underset{\mathbf {u}:=(u_0,\ldots ,u_{H-1})}{\text{argmax}} \quad \vartheta (\mathbf {x},0) \\ \text{s.t.} &\quad x_{t+1} :=A x_t + B u_t,\quad t= 0,\ldots ,H-1\\ & \quad u_t\in U,\quad t=0,\ldots ,H-1\\ &\quad x_t\in X,\quad t=0,\ldots ,H\\ &\quad \vartheta (\mathbf {x},0)\ge \vartheta ^*\gt 0. \end{aligned} \end{equation} \)
Problem 1 aims at finding an optimal control sequence \( \mathbf {u}^* \) such that the corresponding signal \( \mathbf {x} \) not only respects the dynamics and input-state constraints presented by X and U but also robustly satisfies the given specification \( \varphi \). Note that the last constraint in Equation (20) particularly implies that the formula \( \varphi \) is satisfied because we require the temporal robustness value to be strictly positive; see Theorems 4.1 and 4.5. Moreover, one can also control the desired lower bound \( \vartheta ^* \) on the temporal robustness that must be achieved by the system.
Solving Problem 1 poses several challenges as both the synchronous and the asynchronous temporal robustness are neither continuous nor smooth functions. Particularly, the counting of time shifts, as expressed by the \( \sup \) operator in Definitions 3.1 and 3.2, does not allow for the use of the variety of existing methods for control under STL specifications, e.g., gradient-based solutions and smooth approximations as in [1, 44]. This motivates the use of MILP to explicitly encode and solve Problem 1. In the remainder, we present an MILP encoding for the left temporal robustness and we remark that the right temporal robustness can be encoded analogously with only minor modifications, and is hence omitted.
We note that Problem 1 can be encoded as an MILP for an even broader class of dynamical systems than in Equation (19). As long as the system dynamics can be expressed as a set of MILP constraints, the overall encoding will lead to an MILP formulation. Such systems include, for instance, hybrid systems such as mixed logical dynamical systems [10], piecewise affine systems [54], linear complementarity systems [56], and max-min-plus-scaling systems [16].
6.2 MILP Encoding of Synchronous Temporal Robustness
For the case of a finite left synchronous temporal robustness \( \eta ^+_\varphi (\mathbf {x},t) \), e.g., when considering a finite time horizon H as in Problem 1, the \( \sup \) operator in Definition 3.1 can be replaced by a \( \max \) operator; i.e., we have that (21) \( \begin{equation} \eta ^+_\varphi (\mathbf {x},t) :=\chi _\varphi (\mathbf {x}, t)\cdot \max \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in [t,t+\tau ],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace . \end{equation} \) Note that the calculation of \( \eta ^+_\varphi (\mathbf {x},t) \) is based on the characteristic function \( \chi _\varphi (\mathbf {x}, t) \). Therefore, we start our MILP encoding of the synchronous temporal robustness \( \eta ^+_\varphi (\mathbf {x},t) \) with the encoding of the STL formula \( \varphi \) followed by the encoding of the \( \max \) operator in Equation (21).
Boolean encoding of STL constraints. Consider a binary variable \( z^\varphi _t\in \lbrace 0,1\rbrace \) that corresponds to the satisfaction of the formula \( \varphi \) by the signal \( \mathbf {x} \) at time point t; i.e., we let (22) \( \begin{equation} z_t^\varphi :={\left\lbrace \begin{array}{ll} 1&\text{if}\ \chi _\varphi (\mathbf {x},t)=1,\\ 0&\text{if}\ \chi _\varphi (\mathbf {x},t)=-1.\\ \end{array}\right.} \end{equation} \) In [47], a recursive MILP encoding of the variable \( z_t^\varphi \) has been presented such that exactly the above relationship holds. We use this set of MILP constraints in the remainder to obtain an MILP encoding for the left synchronous temporal robustness \( \eta ^+_\varphi (\mathbf {x},t) \).

Encoding of the left synchronous temporal robustness. Using Equation (22), the definition of the left temporal robustness \( \eta ^+_\varphi (\mathbf {x},t) \) in Equation (21) can be written in terms of \( z_t^\varphi \) as follows: (23) \( \begin{equation} \eta ^+_\varphi (\mathbf {x},t):={\left\lbrace \begin{array}{ll} \quad \max \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in [t,t+\tau ],\ z_{t^{\prime }}^\varphi =1\rbrace &\text{if}\ z_t^\varphi =1,\\ -\max \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in [t,t+\tau ],\ z_{t^{\prime }}^\varphi =0\rbrace &\text{if}\ z_t^\varphi =0. \end{array}\right.} \end{equation} \) In other words, if \( z_t^\varphi =1, \) one has to count the maximum number of sequential time points \( t^{\prime }\gt t \) in the future for which \( z_{t^{\prime }}^\varphi =1 \). If \( z_t^\varphi =0 \), one has to count the maximum number of sequential time points \( t^{\prime }\gt t \) in the future for which \( z_{t^{\prime }}^\varphi =0 \), and then multiply this number with \( -1 \). To implement this idea, we first construct the counter variable \( c^{1,\varphi }_t\in \mathbb {Z}_{\ge 0} \) that counts sequential \( z_{t^{\prime }}^\varphi =1 \) for \( t^{\prime }\ge t \). We also construct the second counter variable \( c^{0,\varphi }_t\in \mathbb {Z}_{\ge 0} \) that counts the number of sequential \( z_{t^{\prime }}^\varphi =0 \) for \( t^{\prime }\ge t \) and then multiplies the counted value by \( -1 \). Since we count steps into the future from t, we do this recursively and backwards in time as follows: (24) \( \begin{align} &c^{1,\varphi }_t :=\left(c^{1,\varphi }_{t+1} +1\right) \cdot z^\varphi _t, \qquad \ \,\qquad c^{1,\varphi }_{H+1}:=0, \end{align} \) (25) \( \begin{align} &c^{0,\varphi }_t :=\left(c^{0,\varphi }_{t+1} -1\right) \cdot (1-z^\varphi _t), \qquad c^{0,\varphi }_{H+1}:=0. \end{align} \)
Note that temporal robustness is defined by \( z^\varphi _{t^{\prime }} \) for which \( t^{\prime }\gt t \) rather than \( t^{\prime }\ge t \). Therefore, the previously defined counters \( c^{1,\varphi }_t \), \( c^{0,\varphi }_t \) must be adjusted by the value of 1 as follows: (26) \( \begin{align} &\tilde{c}^{1,\varphi }_{t}:=c^{1,\varphi }_t - z^\varphi _t, \end{align} \) (27) \( \begin{align} &\tilde{c}^{0,\varphi }_{t} :=c^{0,\varphi }_t + (1-z^\varphi _t). \end{align} \) Since the two cases in Equation (23) are disjoint or, in other words, \( z_t^\varphi \) is either 1 or 0, the overall left synchronous temporal robustness \( \eta ^+_\varphi (\mathbf {x}, t) \) can be implemented as a sum of the two adjusted counters: (28) \( \begin{equation} \eta ^+_\varphi (\mathbf {x},t) :=\tilde{c}^{1,\varphi }_t + \tilde{c}^{0,\varphi }_t. \end{equation} \)
The constraints in Equations (24) and (25) contain a product of an integer variable with a Boolean variable. Such a product can be expressed as a set of MILP constraints following Lemma D.2.
The MILP encoding (Equations (22)–(28)) of the left synchronous temporal robustness \( \eta ^+_\varphi (\mathbf {x},t) \) is formally summarized in Algorithm 1. It outputs a set of MILP constraints \( {\mathcal {P}} \) and \( \eta ^+_{\varphi }(\mathbf {x}, t) \) for all time steps \( t=0,\ldots ,H \), denoted as \( \mathbf {\eta }^+_{\varphi }(\mathbf {x}) \). We summarize the main properties of the above MILP encoding in the following Proposition 6.1, while the proof is available in Appendix C.
Let \( \mathbf {x} \) be a signal satisfying the recursion of the discrete-time dynamical system (Equation (19)) and let \( \varphi \) be an STL specification that is built upon linear predicates. Then:
(1) The left synchronous temporal robustness sequence \( \mathbf {\eta }^+_\varphi (\mathbf {x}):=(\eta ^+_\varphi (\mathbf {x},0),\ldots ,\eta ^+_\varphi (\mathbf {x},H)) \), with \( \eta ^+_\varphi (\mathbf {x},t) \) as in Equation (21), is equivalent to the output \( (\mathbf {\eta }^+_{\varphi }(\mathbf {x}),\,{\mathcal {P}}):=\texttt {MILP_SYNC}(\varphi ,\mathbf {x}) \) of Algorithm 1.
(2) The MILP encoding of \( \mathbf {\eta }^+_{\varphi }(\mathbf {x}) \) in Algorithm 1 is a function of \( O(H\cdot |AP|) \) binary and \( O(H\cdot |\varphi |) \) continuous variables, where H is the time horizon, \( |\varphi | \) is the number of operators in the formula \( \varphi \), and \( |AP| \) is the number of used predicates.
Example 1 (continued).
Consider again the signal \( \mathbf {x} \) and the evaluation of the STL formula \( \varphi =p\wedge q \) shown in Figure 1. In Table 1 we consider a step-by-step estimation of the left synchronous temporal robustness \( \mathbf {\eta }^+_{\varphi }(\mathbf {x}) \) following the MILP encoding procedure described above in Section 6.2 and formally defined in Algorithm 1. From Figure 1(b) one can see that \( \mathbf {\chi }_{p\wedge q}(\mathbf {x})=(1, 1, -1, -1, -1, -1, -1, -1, 1, 1) \). Then following Algorithm 1, one can see that the \( \mathbf {\eta }^+_\varphi (\mathbf {x}) \) sequence is indeed equal to \( (1, 0, -5, -4, -3, -2, -1, 0, 1, 0) \) shown in Figure 1(c). Therefore, the MILP encoding procedure leads to the same result as its estimation by the definition.
Finally, using the MILP encoding of the left synchronous temporal robustness \( \eta ^+_\varphi (\mathbf {x},t) \) presented in Algorithm 1, we summarize the overall MILP encoding of Problem 1 in case of \( \vartheta = \eta ^+_{\varphi } \) in Algorithm 2. The function \( \texttt {SYSTEM_CONSTRAINTS}(x_0,\mathbf {u}) \) defines linear constraints on the decision variable \( u_t \) according to Equation (19) and such that \( x_t\in X \). The below Proposition 6.2 states the correctness of our encoding and follows directly from the definition of Problem 1.
| t | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|---|---|---|---|---|---|---|---|---|---|---|
| \( \chi _{\varphi }(\mathbf {x},t) \) | 1 | 1 | -1 | -1 | -1 | -1 | -1 | -1 | 1 | 1 | |
| \( z_t^{\varphi } \), see (22) | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | |
| \( c^{1,\varphi }_t:=(c^{1,\varphi }_{t+1} +1) \cdot z^\varphi _t \), \( \quad c^{1,\varphi }_{H+1}:=0 \) | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 2 | 1 | 0 |
| \( c^{0,\varphi }_t :=(c^{0,\varphi }_{t+1} -1) \cdot (1-z^\varphi _t) \), \( \quad c^{0,\varphi }_{H+1}:=0 \) | 0 | 0 | -6 | -5 | -4 | -3 | -2 | -1 | 0 | 0 | 0 |
| \( \tilde{c}^{1,\varphi }_{t}:=c^{1,\varphi }_t - z^\varphi _t \) | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | |
| \( \tilde{c}^{0,\varphi }_{t} :=c^{0,\varphi }_t + (1-z^\varphi _t) \) | 0 | 0 | -5 | -4 | -3 | -2 | -1 | 0 | 0 | 0 | |
| \( \eta ^+_\varphi (\mathbf {x},t) :=\tilde{c}^{1,\varphi }_t + \tilde{c}^{0,\varphi }_t \) | 1 | 0 | -5 | -4 | -3 | -2 | -1 | 0 | 1 | 0 | |
Table 1. Estimation of \( \eta ^+_\varphi (\mathbf {x},t) \) for \( \varphi :=p\wedge q \) from Example 1 following Algorithm 1
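The rows of Table 1 can be replayed by running the recursion (24)–(28) on the \( \chi \) row. The following Python code is an added example, not the authors' MATLAB/YALMIP implementation: the function names are hypothetical, and the linear constraints that stand in for each integer-times-binary product are a standard linearization assumed here in place of Lemma D.2, which is not reproduced in this section.

```python
# Added example: Equations (22)-(28) replayed on the chi row of Table 1.
# Function names are hypothetical; the product linearization is a standard
# one assumed here in place of the paper's Lemma D.2.

CHI_TABLE_1 = [1, 1, -1, -1, -1, -1, -1, -1, 1, 1]   # chi_phi(x, t), t = 0..9


def product_solutions(c, z, lo, hi):
    """Integers y that satisfy the linear stand-in for y = c * z.

    Requires lo <= c <= hi, lo <= 0 <= hi and z in {0, 1}.
    """
    return [
        y for y in range(lo, hi + 1)
        if lo * z <= y <= hi * z                          # z = 0 forces y = 0
        and c - hi * (1 - z) <= y <= c - lo * (1 - z)     # z = 1 forces y = c
    ]


def unique(solutions):
    """Return the single feasible value, or fail if the constraints are loose."""
    if len(solutions) != 1:
        raise ValueError(f"expected one solution, got {solutions}")
    return solutions[0]


def milp_sync(chi):
    """Rows of Table 1 for a characteristic sequence chi over t = 0..H."""
    z = [1 if v == 1 else 0 for v in chi]                 # Eq. (22)
    n = len(z)                                            # n = H + 1 samples
    c1 = [0] * (n + 1)                                    # c1[n] is c^1_{H+1} = 0
    c0 = [0] * (n + 1)                                    # c0[n] is c^0_{H+1} = 0
    for t in range(n - 1, -1, -1):                        # backwards in time
        c1[t] = unique(product_solutions(c1[t + 1] + 1, z[t], 0, n))       # (24)
        c0[t] = unique(product_solutions(c0[t + 1] - 1, 1 - z[t], -n, 0))  # (25)
    c1_adj = [c1[t] - z[t] for t in range(n)]             # Eq. (26)
    c0_adj = [c0[t] + (1 - z[t]) for t in range(n)]       # Eq. (27)
    eta = [a + b for a, b in zip(c1_adj, c0_adj)]         # Eq. (28)
    return {"z": z, "c1": c1, "c0": c0,
            "c1_adj": c1_adj, "c0_adj": c0_adj, "eta": eta}


if __name__ == "__main__":
    for name, row in milp_sync(CHI_TABLE_1).items():
        print(f"{name:>7}: {row}")
```

The bounds passed to `product_solutions` come from the horizon: a counter can never exceed the number of samples in magnitude, so the linearization needs no tuning beyond H.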
The temporally robust STL control synthesis problem as defined in Problem 1 with synchronous left temporal robustness, i.e., \( \vartheta = \eta ^+_{\varphi } \), is equivalent to an MILP as described in Algorithm 2.
We again remark that the case of synchronous right temporal robustness \( \vartheta = \eta ^-_\varphi \) can be handled almost identically.

6.3 MILP Encoding of Asynchronous Temporal Robustness
Recall that the left asynchronous temporal robustness \( \theta ^+_\varphi (\mathbf {x},t) \) from Definition 3.2 is defined recursively on the structure of \( \varphi \). In contrast to the MILP encoding for the synchronous temporal robustness \( \eta ^+_p(\mathbf {x},t) \), we hence encode the left asynchronous temporal robustness \( \theta ^+_p(\mathbf {x},t) \) for every predicate p contained in \( \varphi \) first, and then encode the recursive rules (Equations (6)–(8)) that are applied to every \( \theta ^{+}_p(\mathbf {x},t) \).
Encoding of STL predicates. Note that due to Corollary 4.9, \( \theta ^{\pm }_p(\mathbf {x},t)=\eta ^{\pm }_p(\mathbf {x},t) \) for any \( t\in \mathbb {T} \). Therefore, the MILP encoding of \( \theta ^+_p(\mathbf {x}) \) is defined by the function \( \texttt {MILP_SYNC}(p,\mathbf {x}) \) described by Algorithm 1. We can hence already summarize the encoding of STL predicates using MILP in the following corollary.
For a signal \( \mathbf {x} \) satisfying the recursion of the discrete-time dynamical system (Equation (19)) and a linear predicate \( p\in AP \), the left asynchronous temporal robustness sequence \( \mathbf {\theta }^+_p(\mathbf {x}):=(\theta ^+_p(\mathbf {x},0),\ldots ,\theta ^+_p(\mathbf {x},H)) \) with \( \theta ^+_p(\mathbf {x},t) \) defined by Equation (4) is equivalent to the set of MILP constraints produced by the function \( (\theta ^+_{p}(\mathbf {x}),\,{\mathcal {P}}):=\texttt {MILP_SYNC}(p,\mathbf {x}) \) presented in Algorithm 1.

Encoding of STL operators. Having encoded the temporal robustness of STL predicates as MILP constraints, the generalization to STL formulas is straightforward and can use the encoding from [47]. For example, let \( \varphi = \wedge _{j=1}^m \varphi _j \) and \( \theta ^+_{\varphi _j}(\mathbf {x},t) = r_j \). By Definition 3.2 and following Equation (7), we have that \( \theta ^+_{\varphi }(\mathbf {x}, t)=\min _{j=1,\ldots ,m} \theta ^+_{\varphi _j}(\mathbf {x}, t) \). Then \( \theta ^+_{ \varphi }(\mathbf {x},t) = r \) if and only if the following MILP constraints hold: (29) \( \begin{equation} \begin{aligned}&r_j - M(1-b_j) \le r \le r_j, \quad j=1,\ldots , m\\ & \sum _{j=1}^{m} b_j = 1, \end{aligned} \end{equation} \) where \( b_j\in \lbrace 0,1\rbrace \) are introduced binary variables for \( j=1,\ldots ,m \) and M is a big-M parameter.7
The complete MILP encoding of the left asynchronous temporal robustness \( \theta ^+_\varphi (\mathbf {x},t) \) is formally summarized in Algorithm 3, which consists of two steps: first, the encoding of the STL predicates, defined formally through the function \( \texttt {MILP_SYNC}(p_k,\mathbf {x}) \) for each predicate \( p_k \) within \( \varphi \), and second, the encoding of STL operators, defined through the function \( \texttt {MILP_OPERATORS}(\varphi ,\mathbf {x},\mathbf {\theta }^+_{p}(\mathbf {x})) \) that is defined according to [47] and recursively follows the structure of \( \varphi \). Algorithm 3 outputs a set of MILP constraints \( \mathcal {Q} \) and \( \theta ^+_{\varphi }(\mathbf {x}, t) \) for all time steps \( t=0,\ldots ,H \), denoted as \( \mathbf {\theta }^+_{\varphi }(\mathbf {x}) \). We summarize the main properties of the above MILP formulation of the left asynchronous temporal robustness in Proposition 6.3, while the proof is available in Appendix C.
Let \( \mathbf {x} \) be a signal satisfying the recursion of the discrete-time dynamical system (Equation (19)) and let \( \varphi \) be an STL specification that is built upon linear predicates. Then:
(1) The left asynchronous temporal robustness sequence \( \mathbf {\theta }^+_{\varphi }(\mathbf {x}):=(\theta ^+_\varphi (\mathbf {x},0),\ldots ,\theta ^+_\varphi (\mathbf {x},H)) \) with \( \theta ^+_\varphi (\mathbf {x},t) \) as in Equation (4) is equivalent to the output \( (\theta ^+_{\varphi }(\mathbf {x}),\,\mathcal {Q}):=\texttt {MILP_ASYN}(\varphi ,\mathbf {x}) \) of Algorithm 3.
(2) MILP encoding of \( \mathbf {\theta }^+_{\varphi }(\mathbf {x}) \) in Algorithm 3 is a function of \( O(H\cdot (|AP|+|\varphi |)) \) binary and continuous variables, where H is the time horizon, \( |\varphi | \) is the number of operators in the formula \( \varphi , \) and \( |AP| \) is the number of used predicates.

Example 1 (continued).
Consider again the signal \( \mathbf {x} \) and the evaluation of the STL formula \( \varphi =p\wedge q \) shown in Figure 1. In Table 2 we consider an estimation of the left asynchronous temporal robustness \( \mathbf {\theta }^+_{\varphi }(\mathbf {x}) \) following the MILP encoding procedure described above in Section 6.3 and formally defined in Algorithm 3. From Figure 1(b) one can see the values of \( \chi _{p}(\mathbf {x}, t) \) and \( \chi _{q}(\mathbf {x}, t) \) for all \( t=1,\ldots ,9 \). Then following Algorithm 1, we construct the \( \mathbf {\theta }^+_p(\mathbf {x}) \) and \( \mathbf {\theta }^+_q(\mathbf {x}) \) sequences shown in Figure 1(d). Finally, using Equation (29), we obtain that the \( \mathbf {\theta }^+_\varphi (\mathbf {x}) \) sequence is indeed equal to \( (1, 0, -2, -3, -2, -1, 0, 0, 1, 0) \) shown in Figure 1(d). Therefore, the MILP encoding procedure leads to the same result as its estimation by the definition.
| t | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
|---|---|---|---|---|---|---|---|---|---|---|
| \( \chi _p(\mathbf {x},t) \) | 1 | 1 | 1 | -1 | -1 | -1 | -1 | 1 | 1 | 1 |
| \( \chi _q(\mathbf {x},t) \) | 1 | 1 | -1 | -1 | -1 | 1 | 1 | -1 | 1 | 1 |
| \( \theta ^+_p(\mathbf {x}, t) \), see \( \texttt {MILP_SYNC}(p,\mathbf {x}) \) | 2 | 1 | 0 | -3 | -2 | -1 | 0 | 2 | 1 | 0 |
| \( \theta ^+_q(\mathbf {x}, t) \), see \( \texttt {MILP_SYNC}(q,\mathbf {x}) \) | 1 | 0 | -2 | -1 | 0 | 1 | 0 | 0 | 1 | 0 |
| \( \theta ^+_{\varphi }(\mathbf {x}, t):=\theta ^+_{p}(\mathbf {x}, t) \sqcap \theta ^+_{q}(\mathbf {x}, t) \), see Equation (29) | 1 | 0 | -2 | -3 | -2 | -1 | 0 | 0 | 1 | 0 |
Table 2. Estimation of \( \theta ^+_{\varphi }(\mathbf {x},t) \) for \( \varphi :=p\wedge q \) from Example 1 following Algorithm 3
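Equation (29) can be checked by enumerating the binary selectors \( b_j \) on the \( \theta ^+_p \) and \( \theta ^+_q \) rows of Table 2. The following Python code is an added example, not the authors' implementation: the function names and the choice \( M=2H \) are assumptions made here. It also reports the time steps at which an undersized M leaves Equation (29) without any solution.

```python
# Added example: Eq. (29) checked by enumeration on the rows of Table 2.
# Function names and the value M = 2H are assumptions of this example.
from itertools import product

THETA_P = [2, 1, 0, -3, -2, -1, 0, 2, 1, 0]   # theta^+_p(x, t), t = 0..9
THETA_Q = [1, 0, -2, -1, 0, 1, 0, 0, 1, 0]    # theta^+_q(x, t), t = 0..9
H = 9                                         # horizon of the running example


def min_encoding_solutions(r_vals, big_m, r_range):
    """All (r, b) pairs that satisfy the constraints of Eq. (29)."""
    solutions = []
    for b in product((0, 1), repeat=len(r_vals)):
        if sum(b) != 1:                       # exactly one selector is active
            continue
        for r in r_range:
            if all(rj - big_m * (1 - bj) <= r <= rj
                   for rj, bj in zip(r_vals, b)):
                solutions.append((r, b))
    return solutions


def theta_conjunction(rows, big_m, horizon):
    """Per time step, the r values Eq. (29) admits (empty list = infeasible)."""
    r_range = range(-horizon, horizon + 1)    # robustness is bounded by H
    return [
        sorted({r for r, _ in min_encoding_solutions(vals, big_m, r_range)})
        for vals in zip(*rows)
    ]


def infeasible_steps(rows, big_m, horizon):
    """Time steps at which the chosen big-M leaves Eq. (29) without a solution."""
    admitted = theta_conjunction(rows, big_m, horizon)
    return [t for t, values in enumerate(admitted) if not values]


if __name__ == "__main__":
    rows = [THETA_P, THETA_Q]
    print("M = 2H:", theta_conjunction(rows, 2 * H, H))
    print("M = 1 infeasible at t =", infeasible_steps(rows, 1, H))
```

With \( M=2H \) every time step admits exactly one value of r, the minimum, although the selector \( b \) is not unique when the two rows tie. With \( M=1 \) the constraints have no solution wherever the two rows differ by more than 1, so a sufficiently large M is part of the correctness of the encoding and not only a numerical detail.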
Finally, we define the overall MILP encoding of Problem 1 in case of \( \vartheta = \theta ^+_{\varphi } \) in Algorithm 4. We state the correctness of our encoding in the next proposition.
The temporally robust control synthesis problem as defined in Problem 1 with asynchronous left temporal robustness, i.e., \( \vartheta = \theta ^+_\varphi \), is equivalent to an MILP as in Algorithm 4.
We again remark that the case of asynchronous right temporal robustness \( \vartheta = \theta ^-_\varphi \) can be handled almost identically.
7 EXPERIMENTAL RESULTS
In this section, we present three case studies. The first two case studies illustrate the tools presented in Sections 4 and 5 to analyze temporal robustness. The third case study, on the other hand, illustrates the control design tools proposed in Section 6. All simulations were performed on a computer with an Intel Core i7-9750H 6-core processor and 16GB RAM, running Ubuntu 18.04. The MILPs were implemented in MATLAB using YALMIP [40] with Gurobi 9.1 [26] as a solver.
7.1 Sine and Cosine Waves
We first analyze a simple sine wave signal similar to [20] to illustrate our theoretical findings. Assume we are given the following discrete-time signal: (30) \( \begin{equation} x(t) :=\sin (a t) + \sin (2a t),\quad t=0,\ldots ,100, \end{equation} \) where we set \( a:=0.1 \); see Figure 5 for an illustration. In the remainder, we consider four different STL specifications \( \varphi _1 \)–\( \varphi _4 \).
Fig. 5. Discrete-time sine wave signal \( \mathbf {x} \) defined by Equation (30).
Specification \( \varphi _1 \). First, we would like to verify that the signal \( x(t) \) stays above the threshold \( -0.2 \) within the first 15 time units. This can be stated as the STL formula \( \begin{equation*} \varphi _1:=\square _{[0,\, 15]}\, p_1, \end{equation*} \) where \( p_1:=x\ge -0.2 \). Note that x satisfies \( \varphi _1 \), i.e., \( \chi _{\varphi _1}(\mathbf {x},0)=1 \). The left asynchronous temporal robustness is \( \theta ^+_{\varphi _1}(\mathbf {x},0) = 7, \) where the calculation of \( \theta ^+_{\varphi _1}(\mathbf {x},0) \) took 0.002 seconds. We remark that low computation times are obtained throughout this section. Note that since \( \varphi _1\in \text{STL}^{\!+}(\wedge ,\square _I) \) and \( \chi _{\varphi _1}(\mathbf {x},0)=1 \), it holds that \( \eta ^{+}_{\varphi _1}(\mathbf {x},0)=\theta ^{+}_{\varphi _1}(\mathbf {x},0)=7 \) due to Lemma 4.11. Consequently, we have that \( \chi _{\varphi _1}(\mathbf {x}^{\leftarrow \tau },0)=1 \) for each \( \tau \in \lbrace 0,\dots ,7\rbrace \) due to Equations (15) and (18). In other words, we can shift the signal \( x(t) \) by up to 7 time units without violating the specification \( \varphi _1 \). Due to Equation (15), it also holds that \( \chi _{\varphi _1}(\mathbf {x}^{\leftarrow 8},0)=-1 \) as illustrated in Figure 6 for \( \mathbf {x}^{\leftarrow 8} \) being depicted in black. This means that once we shift by 8 time units, we violate the specification \( \varphi _1 \).
Fig. 6. Zoomed-in discrete-time sine wave signal \( \mathbf {x} \) (blue). The STL formula \( \varphi _1 \) is satisfied with asynchronous temporal robustness \( \theta ^+_{\varphi _1}(\mathbf {x},0) = 7 \). For the signal \( \mathbf {x} \) that is shifted by 8 time units to the left (black), the STL formula \( \varphi _1 \) is violated. Violation is depicted in red, where \( \mathbf {x}^{\leftarrow 8}(15)\lt -0.2 \) so that \( \chi _{p_1}(\mathbf {x}^{\leftarrow 8},15)=-1 \) and consequently \( \chi _{\varphi _1}(\mathbf {x}^{\leftarrow 8},0)=-1 \).
Specification \( \varphi _2 \). Let us now increase the timing constraint in \( \varphi _1 \) from 15 to 30 time units, i.e., consider instead the STL formula \( \varphi _2:=\square _{[0,\,30]}\, p_1 \). Then it follows that the specification \( \varphi _2 \) is violated by \( \mathbf {x} \), i.e., \( \chi _{\varphi _2}(\mathbf {x},0)=-1 \). In fact, the left asynchronous temporal robustness is \( \theta ^{+}_{\varphi _2}(\mathbf {x},0)=-6 \). Unlike in the previous case, note that we now cannot apply Lemma 4.11 anymore since \( \chi _{\varphi _2}(\mathbf {x},0)=-1 \) and it holds that \( \theta ^{+}_{\varphi _2}(\mathbf {x},0)\ne \eta ^{+}_{\varphi _2}(\mathbf {x},0) \). Particularly, note that the synchronous left temporal robustness is now \( \eta ^{+}_{\varphi _2}(\mathbf {x},0)=-70 \).8
Specification \( \varphi _3 \). Now, we would like to verify the following property: if in the first 5 time units the value of the signal rises above 0.1, then it should drop and stay below \( -0.5 \) from 45 to 50 time units. This is expressed by the STL formula \( \begin{equation*} \varphi _3 :=\square _{[0,\, 5]} \left(p_2 \Longrightarrow \square _{[45,\, 50]}\; p_3\right)\hspace{-2.5pt}, \end{equation*} \) where \( p_2:=x\ge 0.1 \) and \( p_3:=x \le -0.5 \). The left asynchronous temporal robustness for this case is \( \theta ^+_{\varphi _3}(\mathbf {x},0) = 6 \) with a calculation time of 0.005 seconds. Note that the left synchronous temporal robustness for this case is also \( \eta ^+_{\varphi _3}(\mathbf {x},0) = 6 \) with a computation time of 0.003 seconds. Consequently, if we shift the signal \( \mathbf {x} \) by 7 time units to the left, i.e., more than the calculated temporal robustness, then the specification \( \varphi _3 \) is not satisfied anymore; see Figure 7. In fact, one can see that \( \mathbf {x}^{\leftarrow 7}(55)\gt -0.5 \). This means that \( \chi _{p_3}(\mathbf {x}^{\leftarrow 7},55)=-1 \) so that \( \chi _{\square _{[45,50]}p_3}(\mathbf {x}^{\leftarrow 7},5)=-1 \) and consequently \( \chi _{\varphi _3}(\mathbf {x}^{\leftarrow 7},0)=-1 \).
Fig. 7. Zoomed-in discrete-time sine wave signal \( \mathbf {x} \) (blue). The STL formula \( \varphi _3 \) is satisfied with asynchronous temporal robustness \( \theta ^+_{\varphi _3}(\mathbf {x},0) = 6 \). For the signal \( \mathbf {x} \) that is shifted by 7 time units to the left (black), the STL formula \( \varphi _3 \) is violated. Violation is depicted in red, \( \mathbf {x}^{\leftarrow 7}(55)\gt -0.5 \).
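The values reported for \( \varphi _1 \), \( \varphi _2 \) and \( \varphi _3 \) can be recomputed from Equation (30) by evaluating the characteristic function at successive time points and applying Equation (21). The following Python code is an added example, not the authors' implementation: the function names are hypothetical, and the asynchronous values assume that the always operator takes the minimum of the predicate robustness over its window, in the same way conjunction does in Equation (7).

```python
# Added example: the Section 7.1 values recomputed from Eq. (30) and Eq. (21).
# Function names are hypothetical.
import math

A_PARAM = 0.1                                 # a in Eq. (30)
T_END = 100                                   # last sample of the signal


def x(t):
    """Signal of Eq. (30)."""
    return math.sin(A_PARAM * t) + math.sin(2 * A_PARAM * t)


def chi_p1(t):
    """Characteristic function of the predicate p1 := x >= -0.2."""
    return 1 if x(t) >= -0.2 else -1


def chi_always_p1(t, bound):
    """chi of G_[0,bound] p1 at time t (phi_1: bound = 15, phi_2: bound = 30)."""
    return 1 if all(chi_p1(s) == 1 for s in range(t, t + bound + 1)) else -1


def chi_phi3(t):
    """chi of phi_3 := G_[0,5](x >= 0.1  =>  G_[45,50] x <= -0.5) at time t."""
    for u in range(t, t + 6):
        if x(u) >= 0.1 and any(x(s) > -0.5 for s in range(u + 45, u + 51)):
            return -1
    return 1


def left_robustness(chi, t, t_max):
    """Eq. (21): chi(t) times the longest tau with chi constant on [t, t+tau]."""
    tau = 0
    while t + tau + 1 <= t_max and chi(t + tau + 1) == chi(t):
        tau += 1
    return chi(t) * tau


def eta_phi1():
    """Left synchronous robustness of phi_1 at t = 0."""
    return left_robustness(lambda t: chi_always_p1(t, 15), 0, T_END - 15)


def eta_phi3():
    """Left synchronous robustness of phi_3 at t = 0."""
    return left_robustness(chi_phi3, 0, T_END - 55)


def theta_always_p1(bound):
    """Left asynchronous robustness of G_[0,bound] p1 at t = 0.

    Assumed rule: minimum of theta^+_p1(x, t) over t in [0, bound].
    """
    return min(left_robustness(chi_p1, t, T_END) for t in range(bound + 1))


if __name__ == "__main__":
    print("eta+   phi_1:", eta_phi1())            # text reports 7
    print("theta+ phi_1:", theta_always_p1(15))   # text reports 7
    print("theta+ phi_2:", theta_always_p1(30))   # text reports -6
    print("eta+   phi_3:", eta_phi3())            # text reports 6
```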
Specification \( \varphi _4 \). Consider now a specification \( \varphi _4 \) that depends on a two-dimensional signal. The first component \( x_{(1)}(t) \) is equivalent to \( x(t) \) in Equation (30) (recall Figure 5), while the second component \( x_{(2)}(t) \) is defined as (31) \( \begin{equation} x_{(2)}(t) :=\cos (a t) - \cos (2a t),\quad t=0,\ldots ,100, \end{equation} \) where we set \( a:=0.1 \); see Figure 8 for an illustration. We also redefine \( \mathbf {x}:=(\mathbf {x}_{(1)},\ \mathbf {x}_{(2)}) \). We want to verify that during the first 10 time units either \( x_{(1)} \) is non-positive or \( x_{(2)} \) is non-negative, which is expressed as \( \begin{equation*} \varphi _4 :=\square _{[0,\,10]} (p_4 \vee p_5), \end{equation*} \) where \( p_4 :=x_{(1)} \le 0 \) and \( p_5:=x_{(2)} \ge 0 \).
Fig. 8. Discrete-time cosine wave signal \( \mathbf {x}_{(2)} \) defined by Equation (31).
The left synchronous temporal robustness for this case is \( \eta ^+_{\varphi _4}(\mathbf {x},0) = 21 \), while the left asynchronous temporal robustness is \( \theta ^+_{\varphi _4}(\mathbf {x},0) = 10 \). Since both values are positive, we can conclude that \( \varphi _4 \) is satisfied due to Theorems 4.1 and 4.5; see Figure 9(a). Due to Equation (15), for any synchronous early signal \( \mathbf {x}^{\leftarrow \tau } \) where \( \tau \le |\eta ^{+}_{\varphi _4}(\mathbf {x},0)|=21, \) it holds that the formula \( \varphi _4 \) will still be satisfied. However, the formula \( \varphi _4 \) will not be satisfied anymore for \( \mathbf {x}^{\leftarrow 22} \), which is highlighted in Figure 9(b). One can indeed see that the specification \( \varphi _4 \) is violated by \( \mathbf {x}^{\leftarrow 22} \) since \( \mathbf {x}_{(1)}^{\leftarrow 22}(10)\gt 0 \) and \( \mathbf {x}_{(2)}^{\leftarrow 22}(0),\ldots ,\mathbf {x}_{(2)}^{\leftarrow 22}(10)\lt 0 \) so that \( \chi _{\varphi _4}(\mathbf {x}^{\leftarrow 22},0)=-1 \). Analogously, we can reason about asynchronous temporal robustness. Since \( \theta ^+_{\varphi _4}(\mathbf {x},0) = 10 \), then for any asynchronous early signal \( \mathbf {x}^{\leftarrow \bar{\tau }} \) where \( \max (\tau _{p_4},\tau _{p_5}) \le |\theta ^{+}_{\varphi _4}(\mathbf {x},0)|=10, \) it holds that the formula \( \varphi _4 \) will still be satisfied due to Equation (18).
Fig. 9. Zoomed-in analysis of specification \( \varphi _4 \) satisfaction and violation.
7.2 Multi-agent Coordination
In this example, we consider a multi-agent scenario where two agents are supposed to coordinate and exchange goods within a designated goal set and within 50 time units. This scenario is captured in the following specification: \( \begin{equation*} \varphi _{\text{coord}} :=\Diamond _{[0, 50]} \left(x^{(1)}\in {\it Goal}\ \wedge \ x^{(2)} \in {\it Goal}\right)\hspace{-2.5pt}, \end{equation*} \) where \( x^{(d)}\in \mathbb {R}^2 \), \( d\in \lbrace 1,2\rbrace \) denotes the position of the agent d in a two-dimensional space. Figure 10 depicts the goal set \( {\it Goal} \) and the given discrete-time signal \( \mathbf {x}:=(\mathbf {x}^{(1)}, \mathbf {x}^{(2)}), \) which has 100 sampling points. Each \( \mathbf {x}^{(d)} \) denotes the position signal of the agent d. One can notice that the specification \( \varphi _{\text{coord}} \) is satisfied by the nominal signal because there are two time instances (\( t=30 \) and \( t=31 \)) when both of the agents are within the goal set within the first 50 time units; see Figure 10(b).
Fig. 10. Mission workspace for the multi-agent coordination scenario \( \varphi _{\text{coord}} \). Initial positions of the agents marked by \( \star \); goal set is given as a green rectangle. Specification \( \varphi _{\text{coord}} \) is satisfied by the given nominal signals since there are two time instances when both of the agents are within the goal set (black circles).
The calculated left synchronous temporal robustness for this case is \( \eta ^+_{\varphi _{\text{coord}}}(\mathbf {x},0) = 31 \) time units. Due to Theorem 4.1, the specification \( \varphi _{\text{coord}} \) is indeed satisfied, i.e., \( \chi _{\varphi _{\text{coord}}}(\mathbf {x}, 0)=1 \). Then due to Equation (15), for any synchronous \( \tau \)-early signal with \( \tau \le 31 \) time units the specification \( \varphi _{\text{coord}} \) will still be satisfied. For the signal \( \mathbf {x}^{\leftarrow 32} \), however, the specification \( \varphi _{\text{coord}} \) will change its satisfaction to violation, i.e., \( \begin{equation*} \forall \tau \in [0,31],\ \chi _{\varphi _{\text{coord}}}(\mathbf {x}^{\leftarrow \tau }, 0)=1\quad \text{and} \quad \chi _{\varphi _{\text{coord}}}(\mathbf {x}^{\leftarrow 32}, 0)=-1. \end{equation*} \) Figure 11 depicts two examples of synchronous early signals. Figure 11(a) shows the signal \( \mathbf {x}^{\leftarrow 20} \) for which the specification \( \varphi _{\text{coord}} \) is satisfied, and Figure 11(b) shows \( \mathbf {x}^{\leftarrow 32} \) for which \( \varphi _{\text{coord}} \) is violated.
Fig. 11. Synchronous early signals.
Due to Theorem 4.10, one can immediately see that \( \theta ^+_{\varphi _{\text{coord}}}(\mathbf {x},0) \le 31 \). Now, since \( \varphi \not\in \text{STL}^{\!+}(\wedge ,\square _I), \) it does not necessarily hold that \( \theta ^+_{\varphi _{\text{coord}}}(\mathbf {x},0) = 31 \). In fact, we find that \( \theta ^+_{\varphi _{\text{coord}}}(\mathbf {x},0) = 1 \) so that only asynchronous time shifts by up to 1 time unit to the left will not violate the specification, i.e., \( \forall \bar{\tau }\in \lbrace (0, 0), (0, 1), (1, 0), (1,1)\rbrace ; \) it holds that \( \chi _{\varphi _{\text{coord}}}(\mathbf {x}^{\leftarrow \bar{\tau }}, 0)=1 \). As discussed before, Equation (18) only provides a sufficient condition so that asynchronous time shifts larger than \( \theta ^+_{\varphi _{\text{coord}}}(\mathbf {x},0) \) do not necessarily result in a violation of \( \varphi _{\text{coord}} \). Indeed, Figure 12(a) depicts \( \mathbf {x}^{\leftarrow (2, 0)} \) for which the specification \( \varphi _{\text{coord}} \) is satisfied since there are four time instances (black circles) for which both agents are inside the goal set. On the other hand, a simple search over the whole space of possible asynchronous time shifts lets us find a signal when the specification \( \varphi _{\text{coord}} \) becomes violated; see Figure 12(b). For \( \mathbf {x}^{\leftarrow (2, 10)} \), the agents are never together in the goal set: when agent 2 is inside the goal set (magenta circles), agent 1 is still on the way to the goal set, and the moment agent 1 reaches the goal (cyan circles), agent 2 already leaves it.
Fig. 12. Asynchronous early signals.
7.3 Multi-agent Surveillance
In this case study we illustrate the control design tools proposed in Section 6. We consider two identical unmanned aerial vehicles (UAVs) and three places of interest on the campus of the University of Pennsylvania; see Figure 13 for an overview. In particular, these places of interest are the Franklin Field (Stadium), the Hospital of the University of Pennsylvania (HUP), and the School of Medicine Smilow Center (Smilow). The UAVs are tasked with a mission where they collaboratively surveil the Stadium while one of the UAVs is required to pick up specific items in the HUP and then drop them off at the Smilow.
Fig. 13. Multi-agent surveillance case study map. Initial positions for the two UAVs marked by \( \star \).
We assume that the UAVs operate in a two-dimensional workspace. For each UAV \( d\in \lbrace 1,2\rbrace \), let the state be \( x^{(d)}:=(pos^{(d)}, vel^{(d)})\in \mathbb {R}^4 \), where \( pos^{(d)} \) and \( vel^{(d)} \) are the two-dimensional position and velocity, respectively, and let the control input be \( u^{(d)} \in \mathbb {R}^2 \). We denote the full state of the system as \( x :=(x^{(1)}, x^{(2)}) \) and the stacked control input as \( u :=(u^{(1)},u^{(2)}) \). The linear state-space representation of the system is driven by discrete-time double integrator dynamics and is written as follows: \( \begin{equation*} x_{t+1}:=Ax_t+B u_t, \quad ||u_t||_\infty \le 20, \end{equation*} \) where \( A:=I_4 \otimes [{\begin{matrix} 1&0.1\\ 0&1 \end{matrix}}] \) and \( B:=I_4 \otimes [{\begin{matrix} 0.005\\ 0.1 \end{matrix}}] \), with \( I_4 \) being the identity matrix of dimension \( n\times n \) and with \( \otimes \) denoting the Kronecker product. We set the time horizon to \( H:=50 \). The initial positions of the agents are set to \( pos_{0}^{(1)}:=(1, 3) \) and \( pos_{0}^{(2)}:=(8,3) \) (this UAV starts from within the Stadium), while the initial velocities are set to zero.
The overall multi-agent surveillance mission is defined as: (32) \( \begin{equation} \varphi _{\text{MAS}} :=\varphi _{\text{surveil}} \wedge \varphi _{\text{pick-up}} \wedge \varphi _{\text{drop-off}}, \end{equation} \) where we explain \( \varphi _{\text{surveil}} \), \( \varphi _{\text{pick-up}} \), and \( \varphi _{\text{drop-off}} \) in the remainder. The surveillance sub-mission \( \varphi _{\text{surveil}} \) requires the Stadium region to be surveilled by at least one UAV for the first 35 time steps. Formally, it is defined as \( \begin{equation*} \varphi _{\text{surveil}} :=\square _{[0,\, 35]} \left(pos^{(1)} \in {\it Stadium}\ \vee \ pos^{(2)} \in {\it Stadium}\right)\!, \end{equation*} \) where \( {\it Stadium} \) is a rectangle; i.e., \( pos^{(d)}\in {\it Stadium} \) is a conjunction of four linear predicates \( x^{(d)} \le 10 \), \( x^{(d)} \ge 6 \), \( y^{(d)} \le 5 \), \( y^{(d)} \ge 1 \); see Figure 14.
Fig. 14. The nominal UAV trajectories under the optimal control inputs generated by solving Problem 1 with the left synchronous temporal robustness as an objective. The achieved robustness is \( \eta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{sync},0) = 10 \) time steps. The initial positions are marked by \( \star \).
The sub-missions \( \varphi _{\text{pick-up}} \) and \( \varphi _{\text{drop-off}} \) specify that the second UAV must reach HUP for a pick-up between 10 and 20 time steps. It is required to stay there for 5 time steps, which are needed for the loading before departing to Smilow, where it is supposed to spend all the time between 30 and 35 time steps needed for a drop-off. These two sub-missions are formally defined as follows: \( \begin{equation*} \varphi _{\text{pick-up}} :=\Diamond _{[10, 20]}\square _{[0,\, 5]}\left(pos^{(2)} \in {\it HUP}\right)\!, \end{equation*} \) \( \begin{equation*} \varphi _{\text{drop-off}} :=\square _{[30,\, 35]} \left(pos^{(2)} \in {\it Smilow}\right)\!. \end{equation*} \)
Now, in order to generate optimal control inputs, we solve Problem 1 for two different objectives: the left synchronous temporal robustness according to Section 6.2 and the left asynchronous temporal robustness according to Section 6.3.
First, we solved Problem 1 with the left synchronous temporal robustness objective, \( \vartheta :=\eta ^+_{\varphi _{\text{MAS}}} \), horizon \( H:=50, \) and the desired temporal robustness lower bound \( \vartheta ^*:=1 \). It led to the optimal trajectory \( \mathbf {x}_\text{sync} \) and the left temporal robustness value of \( \eta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{sync},0) = 10 \) time units. The visualization of \( \mathbf {x}_\text{sync} \) is presented in Figure 14 and simulation is available at https://tinyurl.com/syncrobust. In Table 3, we show that the solver takes only 0.7 seconds on average to solve Problem 1 after the problem has been defined using YALMIP, which takes an additional 0.65 seconds. The implementation results in 1,165 Boolean and 226 integer variables. Since \( \eta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{sync},0)\gt 0, \) the produced optimal signal \( \mathbf {x}_\text{sync} \) leads to a satisfaction of the mission \( \varphi _{\text{MAS}} \). Furthermore, any time disturbances that could lead to \( \tau \)-early signals by up to \( \tau =10 \) time steps would still be tolerated by the system and lead to a satisfaction of \( \varphi _{\text{MAS}} \), as analyzed in the two previous case studies.
Table 3. Computational Complexity Report
Computation time includes mean \( \pm \) standard deviation of YALMIP time (the time used to build the MILP and convert it into appropriate format for the solver) and Solver time (the time taken by Gurobi to solve the problem). Results obtained from 100 runs of Problem 1 with initial positions chosen at random in small proximity of \( pos_{0}^{(1)} \) and \( pos_{0}^{(2)} \).
Next, we solved Problem 1 with the left asynchronous temporal robustness objective, \( \vartheta :=\theta ^+_{\varphi _{\text{MAS}}} \), same horizon \( H:=50, \) and the same desired temporal robustness lower bound \( \vartheta ^*:=1 \). It led to the optimal signal \( \mathbf {x}_\text{asyn} \) presented in Figure 15 and the left temporal robustness value of \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{asyn},0) = 4 \) time steps; see Figure 16 for the evaluation of the predicate signals. Simulation is available at https://tinyurl.com/asynrob. In Table 3, we show that the maximization of \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x},0) \) is more computationally challenging than the previous maximization of \( \eta ^+_{\varphi _{\text{MAS}}}(\mathbf {x},0) \). It results in 2,026 Boolean and 2,095 integer variables and the solver needs 69.6 seconds on average to solve Problem 1. This result is expected as previously analyzed in Propositions 6.1 and 6.3, where the number of binary and integer variables required for the MILP encoding of \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}) \) is a function of \( O(H\cdot (|AP|+|\varphi _{\text{MAS}}|)) \), while the MILP encoding of \( \eta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}) \) is computationally more tractable and requires only \( O(H\cdot |AP|) \) binary and \( O(H\cdot |\varphi _{\text{MAS}}|) \) integer variables.
Fig. 15. Nominal UAV trajectories under the control policies generated by solving Problem 1 with the left asynchronous temporal robustness. The found robustness value is \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{asyn},0) = 4 \) time steps. Initial positions are marked by \( \star \).
Fig. 16. Evolution of the characteristic functions of the four predicates that constitute \( \varphi _{\text{MAS}} \) over the signal \( \mathbf {x}_\text{asyn} \). The maximum left asynchronous temporal robustness found is \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{asyn},0) = 4 \). For the predicate \( p_2:=pos^{(2)}\in Stadium \), the five points depicted in green show that only 4 time steps into the future can be taken from time \( t=7 \) before the satisfaction of \( p_2 \) changes; therefore, \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{asyn}, 0)=\theta ^+_{p_2}(\mathbf {x}_\text{asyn}, 7)=4 \).
Let us now look at Figure 15 and denote the predicates \( p_1 := pos^{(1)}\in Stadium \) and \( p_2:=pos^{(2)}\in Stadium \). Then from Figure 15(a) one can see that \( \chi _{p_1}(\mathbf {x}_\text{asyn}, t)=-1 \) for all time points \( t=0,\ldots , 7 \) but \( \chi _{p_2}(\mathbf {x}_\text{asyn}, t)=1 \) for \( t=0,\ldots ,11 \). Therefore, \( \theta ^+_{p_1 \vee p_2}(\mathbf {x}_\text{asyn}, 7) = \max (\theta ^+_{p_1}(\mathbf {x}_\text{asyn},7), \theta ^+_{p_2}(\mathbf {x}_\text{asyn}, 7)) = \max (0, 4) = 4 \), and thus, \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x}_\text{asyn}, 0) = \theta ^+_{\varphi _{\text{surveil}}}(\mathbf {x}_\text{asyn}, 0) = 4 \).
The fact that \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x},0)\lt 10 \) is expected due to Theorem 4.10. Adding the constraint \( \theta ^+_{\varphi _{\text{MAS}}}(\mathbf {x},0)\lt 10 \) to the overall MILP implementation of Problem 1 with the left asynchronous temporal robustness objective leads to a problem with 11,144 constraints but faster solver computation time, 61.6 seconds on average; see Table 3.
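The calculation for \( \varphi _{\text{surveil}} \) and its comparison with the synchronous value can be reproduced on a discrete-time trace. The following Python sketch is an added example, not the authors' YALMIP implementation and not the signal \( \mathbf {x}_\text{asyn} \) itself: the predicate traces are constructed from the pattern described in the text, their behavior after \( t=7 \) and \( t=11 \) and the truncation of robustness at the last recorded sample are assumptions, and only \( \varphi _{\text{surveil}} \) is evaluated.

```python
"""Left temporal robustness of phi_surveil on a discrete-time trace (added example)."""

H = 50  # horizon of the case study

# Constructed characteristic functions (+1 satisfied, -1 violated) for t = 0..H.
# Stated in the text: chi_p1 = -1 for t = 0..7 and chi_p2 = +1 for t = 0..11.
# Assumed here: UAV 1 is in the Stadium from t = 8 on, UAV 2 is outside from t = 12 on.
CHI_P1 = [-1] * 8 + [1] * (H - 7)
CHI_P2 = [1] * 12 + [-1] * (H - 11)


def left_sync(chi):
    """eta^+(t) = chi(t) * max{tau >= 0 : chi(t') = chi(t) for all t' in t + [0, tau]}.

    Assumption: the count stops at the last recorded sample of the trace.
    """
    n = len(chi)
    eta = [0] * n
    run = 0  # number of further steps over which chi keeps its current value
    for t in range(n - 1, -1, -1):
        run = run + 1 if t + 1 < n and chi[t + 1] == chi[t] else 0
        eta[t] = chi[t] * run
    return eta


def disj(a, b):
    """Disjunction: pointwise max, for characteristic functions and for theta alike."""
    return [max(u, v) for u, v in zip(a, b)]


def always(vals, a, b):
    """box_[a,b]: min over the window t + [a, b], for every t whose window fits."""
    return [min(vals[t + a : t + b + 1]) for t in range(len(vals) - b)]


def surveil_robustness(chi_p1=CHI_P1, chi_p2=CHI_P2, a=0, b=35):
    """Return (eta, theta) for box_[a,b](p1 v p2) at every evaluable time step."""
    # Synchronous: evaluate the formula first, then measure how long its value persists.
    eta = left_sync(always(disj(chi_p1, chi_p2), a, b))
    # Asynchronous: measure each predicate first (theta_p = eta_p), then combine.
    theta = always(disj(left_sync(chi_p1), left_sync(chi_p2)), a, b)
    return eta, theta


def bottleneck(theta_p1, theta_p2, a, b, t=0):
    """Time step and predicate that determine theta^+ of box_[a,b](p1 v p2) at t."""
    inner = disj(theta_p1, theta_p2)
    t_star = min(range(t + a, t + b + 1), key=lambda k: inner[k])
    name = "p1" if theta_p1[t_star] >= theta_p2[t_star] else "p2"
    return t_star, name, inner[t_star]


if __name__ == "__main__":
    eta, theta = surveil_robustness()
    print("theta+ at t=0:", theta[0], "| eta+ at t=0:", eta[0])
    print("bottleneck (t, predicate, value):",
          bottleneck(left_sync(CHI_P1), left_sync(CHI_P2), 0, 35))
```

On this constructed trace the asynchronous value at \( t=0 \) is 4, set by \( p_2 \) at \( t=7 \), while the synchronous value is 15 because the disjunction itself never changes its truth value inside the evaluable window; the asynchronous value stays below the synchronous one at every time step.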
8 CONCLUSIONS AND FUTURE WORK
This work presents a theoretical framework for temporal robustness of Signal Temporal Logic (STL) specifications, which are interpreted over continuous and discrete time signals. In particular, we defined synchronous and asynchronous temporal robustness and showed that these notions quantify the robustness with respect to synchronous and asynchronous time shifts in the predicates of signal temporal logic specifications.
For both notions of temporal robustness, we analyzed their desirable properties and showed that the asynchronous temporal robustness is upper bounded by the synchronous temporal robustness in its absolute value. We further showed two particular STL fragments for which the two robustness notions are equivalent.
We further addressed the control synthesis problem in which we aim to design a control law that maximizes the temporal robustness of a dynamical system. We presented Mixed-Integer Linear Programming (MILP) encodings for the synchronous and asynchronous temporal robustness that solve the control synthesis problem.
We are currently exploring several future research directions. First, we are interested in the control synthesis problem when considering the temporal robustness of stochastic dynamical systems. We also explore STL robustness notions that combine spatial and temporal robustness. Third, we are interested in computationally more tractable solutions to the control synthesis problem with temporal robustness objectives.
APPENDICES
A PROOFS OF SECTION 4
A.1 Proof of Theorem 4.1
Follows directly from Definition 3.1. We are going to prove items (1) and (3). Items (2) and (4) can be proven analogously.
Item (1) states that \( \eta ^{\pm }_\varphi (\mathbf {x},t) \gt 0 \ \Longrightarrow \ \chi _\varphi (\mathbf {x},t)= 1 \). By Definition 3.1, \( \eta ^{\pm }_\varphi (\mathbf {x},t) = \chi _\varphi (\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace \). Since \( \eta ^{\pm }_\varphi (\mathbf {x},t) \gt 0 \), \( \tau \ge 0 \) and \( \chi \in \lbrace \pm 1\rbrace \), then \( \chi _\varphi (\mathbf {x}, t) = 1 \).
Item (3) states that \( \chi _\varphi (\mathbf {x},t)= 1 \ \Longrightarrow \ \eta ^{\pm }_\varphi (\mathbf {x},t) \ge 0 \). Since \( \chi _\varphi (\mathbf {x},t)= 1, \) then by Definition 3.1, \( \eta ^{\pm }_\varphi (\mathbf {x},t) = \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _\varphi (\mathbf {x},t^{\prime })=1\rbrace \ge 0 \).
A.2 Proof of Corollary 4.2
Corollary 4.2 is a direct consequence of Theorem 4.1. Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {T}\rightarrow X \) be a signal, and \( t\in \mathbb {T} \) be a time point.
A.3 Proof of Theorem 4.3
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a continuous-time signal, and \( t\in \mathbb {R} \) be a time point. For any value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), we want to prove the synchronous temporal robustness \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r \) if and only if \( \forall t^{\prime }\in t\pm [0, r) \), \( \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t), \) and if \( r\lt \infty , \) then \( \forall \epsilon \gt 0 \), \( \exists \tau \in [r, r+\epsilon) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t) \).
Let \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r \). Denote the set \( \varUpsilon =\lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace \). To prove the result we distinguish between the cases of \( r=\infty \) and \( r\lt \infty \) as follows:
\( (1) \) Let \( r=\infty \). Then by Definition 3.1, \( \sup \varUpsilon =|\eta ^{\pm }_\varphi (\mathbf {x}, t)|=\infty \). Therefore, we have to show that \( \begin{equation*} \sup \varUpsilon =\infty \ \Longleftrightarrow \ \forall t^{\prime }\in t\pm [0, \infty),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t), \end{equation*} \) which follows from the definition of the supremum for the unbounded set.
\( (2) \) Let \( r\lt \infty \). Then we must show that (33) \( \begin{equation} \begin{aligned}\sup \varUpsilon =r\quad \Longleftrightarrow \quad &\forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \qquad \text{and}\\ & \forall \epsilon \gt 0,\ \exists \tau \in [r, r+\epsilon),\ \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t). \end{aligned} \end{equation} \) We next prove sufficiency (\( \Longrightarrow \)) and necessity (\( \Longleftarrow \)) of Equation (33) as follows:
\( \Longrightarrow \) Let \( \sup \varUpsilon =r \). Since \( r\lt \infty , \) we can apply the \( \epsilon \) definition of supremum: \( \forall \epsilon \gt 0 \), \( \exists \tau ^*\in \varUpsilon \) such that \( \tau ^*\gt r-\epsilon \); i.e., the following holds: \( \begin{equation*} \forall \epsilon \gt 0,\ \exists \tau ^*\ge 0,\ \tau ^*\gt r-\epsilon \ \text{such that}\ \forall t^{\prime }\in t\pm [0,\tau ^*],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t). \end{equation*} \) Since \( [0,r-\epsilon ]\subset [0,\tau ^*], \) then it holds that (34) \( \begin{equation} \forall \epsilon \gt 0,\ \forall t^{\prime }\in t\pm [0,r-\epsilon ],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t). \end{equation} \)
First, we want to prove that the first line of the RHS of Equation (33) holds; i.e., we want to show that \( \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \). Assume the opposite; i.e., assume that \( \exists \tau ^*\in [0, r) \) such that \( \chi _\varphi (\mathbf {x},t\pm \tau ^*)\not= \chi _\varphi (\mathbf {x},t) \). We can represent such \( \tau ^*=r-\epsilon ^* \) for some \( \epsilon ^* \), \( 0\lt \epsilon ^*\le r \). Then due to Equation (34), \( \forall t^{\prime }\in t\pm [0,r-\epsilon ^*] \), \( \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \), which contradicts the above \( \chi _\varphi (\mathbf {x},t\pm \tau ^*)\not= \chi _\varphi (\mathbf {x},t) \). Thus, it indeed holds that (35) \( \begin{equation} \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t). \end{equation} \)
Second, we want to prove that the second line of the RHS of Equation (33) holds; i.e., we want to show that \( \forall \epsilon \gt 0,\ \exists \tau \in [r, r+\epsilon),\ \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t) \). Assume the opposite; i.e., assume \( \exists \epsilon ^*\gt 0 \), \( \forall \tau \in [r, r+\epsilon ^*) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=\chi _\varphi (\mathbf {x},t) \), which can be rewritten as \( \exists \epsilon ^*\gt 0 \), \( \forall t^{\prime }\in t\pm [r, r+\epsilon ^*) \), \( \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \). In combination with Equation (35), we get \( \exists \epsilon ^*\gt 0 \), \( \forall t^{\prime }\in t\pm [0, r+\epsilon ^*),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \). Since \( \epsilon ^*\gt 0, \) then \( \tau ^*=r+\frac{\epsilon ^*}{2}\in [0, r+\epsilon ^*) \) and \( \tau ^*\ge 0 \); therefore, \( \tau ^* \in \varUpsilon , \) but also \( \tau ^* \gt r, \) which is a contradiction, since any value \( \tau \in \varUpsilon \) should be \( \tau \le r \) (since \( \sup \varUpsilon = r \)). Thus, it indeed holds that \( \forall \epsilon \gt 0 \), \( \exists \tau \in [r, r+\epsilon) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t) \).
\( \Longleftarrow \) Let \( \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \) and \( \forall \epsilon \gt 0,\ \exists \tau \in [r, r+\epsilon),\ \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t) \), where \( r\lt \infty \). Below we show that \( \sup \varUpsilon =r \).
First, we are going to show that \( \forall s\in \varUpsilon \), \( s\le r \). Assume the opposite; assume \( \exists s=s^*\in \varUpsilon \) such that \( s^* \gt r \). From the definition of \( \varUpsilon \) this can be rewritten as \( \exists s^* (s^*\gt r\ \wedge \ \forall t^{\prime }\in t\pm [0,s^*],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)) \). Take \( \epsilon = s^*-r \). Since \( s^*\gt r \), \( \epsilon \gt 0 \); therefore, from what is given, \( \exists \tau \in [r, r+\epsilon)=[r,s^*),\ \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t) \). But since \( [r,s^*)\subset [0, s^*], \) then \( \tau \in [0, s^*], \) which contradicts the assumption. Therefore, it indeed holds that \( \forall s\in \varUpsilon \), \( s\le r \).
Second, we are going to show that \( \forall \epsilon \gt 0 \), \( \exists \tau ^*\in \varUpsilon \) such that \( \tau ^*\gt r-\epsilon \). Take any \( \epsilon \gt 0 \).
If \( r\lt \frac{\epsilon }{2} \), i.e., \( r-\epsilon \lt r-\frac{\epsilon }{2}\lt 0, \) then let \( \tau ^*=0 \). In this case, \( \tau ^*\in \varUpsilon \) and \( \tau ^*\gt r-\epsilon \).
If \( r\ge \frac{\epsilon }{2} \), then let \( \tau ^*=r-\frac{\epsilon }{2} \). In this case, \( \tau ^*\ge 0 \) and \( \tau ^*=r-\frac{\epsilon }{2} \gt r-\epsilon \). Also, we know that \( \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \). Since \( [0, r-\frac{\epsilon }{2}] \subset [0, r), \) then \( \forall t^{\prime }\in t\pm [0, \tau ^*] \), \( \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \), i.e., \( \tau ^*\in \varUpsilon \).
A.4 Proof of Equation (9) (Theorem 4.3 for Discrete-time)
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {Z}\rightarrow X \) be a discrete-time signal, and \( t\in \mathbb {Z} \) be a time point. For any finite value \( r\in \mathbb {Z}_{\ge 0} \), we want to prove that the synchronous temporal robustness \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r \) if and only if \( \forall t^{\prime }\in t\pm [0, r] \), \( \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t), \) and \( \chi _{\varphi }(\mathbf {x},t \pm (r+1))\not=\chi _\varphi (\mathbf {x},t) \).
Let \( |\eta ^{\pm }_\varphi (\mathbf {x},t)| =r \). Denote the set \( \varUpsilon =\lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace \). Then, by Definition 3.1, \( |\eta ^{\pm }_\varphi (\mathbf {x},t)|=\sup \varUpsilon =r \). Since r is finite and \( t\in \mathbb {Z}, \) then it holds that \( \sup \varUpsilon =\max \varUpsilon =r \), which holds if and only if \( \forall t^{\prime }\in t\pm [0, r] \), \( \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \) and \( \chi _{\varphi }(\mathbf {x},t \pm (r+1))\not=\chi _\varphi (\mathbf {x},t) \).
A.5 Proof of Theorem 4.4
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a continuous-time signal, and \( t\in \mathbb {R} \) be a time point. For any value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), we want to prove that if the synchronous temporal robustness \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|= r, \) then \( \forall \tau \in [0, r) \), \( |\eta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| = r-\tau \).
Let \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|= r\ge 0 \). To prove the result, we distinguish between the cases of \( r=\infty \) and \( r\lt \infty \):
(1) Let \( r=\infty \). Then according to Theorem 4.3, \( \forall \tau \in [0, \infty),\ \chi _{\varphi }(\mathbf {x},t \pm \tau)=\chi _\varphi (\mathbf {x},t) \). Take any \( \tau \in [0, \infty) \); then it holds that \( \forall \tau ^{\prime }\in [0, \infty) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau \pm \tau ^{\prime })=\chi _\varphi (\mathbf {x},t \pm \tau) \). Thus, according to Theorem 4.3, \( |\eta ^{\pm }_\varphi (\mathbf {x}, t \pm \tau)|=\infty = \infty - \tau \).
(2) Let \( r\lt \infty \). Then according to Theorem 4.3, \( \forall \tau \in [0, r),\ \chi _{\varphi }(\mathbf {x},t\pm \tau)=\chi _\varphi (\mathbf {x},t) \) and \( \forall \epsilon \gt 0,\ \exists \tilde{\tau }\in [r, r+\epsilon),\ \chi _{\varphi }(\mathbf {x},t \pm \tilde{\tau })\not=\chi _\varphi (\mathbf {x},t) \). Take any \( \tau \in [0, r) \). Then the first property leads to \( \forall \tau ^{\prime } \in [0, r-\tau),\ \chi _{\varphi }(\mathbf {x},t\pm \tau \pm \tau ^{\prime })=\chi _\varphi (\mathbf {x},t\pm \tau)=\chi _{\varphi }(\mathbf {x},t) \). The second property leads to \( \forall \epsilon \gt 0,\ \exists \tilde{\tau }\in [r-\tau , r+\epsilon -\tau),\ \chi _{\varphi }(\mathbf {x},t \pm \tau \pm \tilde{\tau })\not=\chi _\varphi (\mathbf {x},t)=\chi _\varphi (\mathbf {x},t\pm \tau) \). The combination of these two due to Theorem 4.3 leads to \( |\eta ^{\pm }_\varphi (\mathbf {x}, t\pm \tau)|=r-\tau \).
A.6 Proof of Equation (10) (Theorem 4.4 for Discrete-time)
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {Z}\rightarrow X \) be a discrete-time signal, and \( t\in \mathbb {Z} \) be a time point. For any finite value \( r\in \mathbb {Z}_{\ge 0} \), we want to prove that if \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|= r, \) then \( \forall \tau \in [0, r] \), \( |\eta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| = r-\tau \).
Let \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|= r \). Then according to Equation (9), it holds that \( \forall \tau \in [0, r],\ \chi _{\varphi }(\mathbf {x},t\pm \tau)=\chi _\varphi (\mathbf {x},t), \) and \( \chi _{\varphi }(\mathbf {x},t \pm (r+1))\not=\chi _\varphi (\mathbf {x},t) \). Take any \( \tau \in [0, r] \). Then the first property leads to \( \forall \tau ^{\prime } \in [0, r-\tau ],\ \chi _{\varphi }(\mathbf {x},t\pm \tau \pm \tau ^{\prime })=\chi _\varphi (\mathbf {x},t\pm \tau)=\chi _{\varphi }(\mathbf {x},t) \). The second property leads to \( \chi _{\varphi }(\mathbf {x},t \pm \tau \pm (r- \tau +1))\not=\chi _\varphi (\mathbf {x},t)=\chi _\varphi (\mathbf {x},t\pm \tau) \). The combination of these two due to Equation (10) leads to \( |\eta ^{\pm }_\varphi (\mathbf {x}, t\pm \tau)|=r-\tau \).
A.7 Proof of Theorem 4.5
In this proof, we will use the following lemma.
Lemma A.1. For a set \( S\subseteq \overline{ \mathbb {R}}, \) if \( \sup S\gt 0, \) then \( \exists s\in S \) such that \( s\gt 0 \).
Proof. Let a set \( S\subseteq \overline{ \mathbb {R}} \) be such that \( \sup S\gt 0 \). Assume the opposite of what we want to prove; i.e., assume that \( \forall s\in S \), \( s\le 0 \). Then 0 is an upper bound of S. So \( \sup S \le 0 \) but we are given \( \sup S\gt 0, \) which is a contradiction. Therefore, \( \exists s\in S \) such that \( s\gt 0 \). □
To prove Theorem 4.5, we are going to prove items (1) and (3). Items (2) and (4) can be proven analogously.
(1) We want to prove that \( \theta ^{\pm }_\varphi (\mathbf {x},t) \gt 0 \Longrightarrow \chi _\varphi (\mathbf {x},t)= 1 \). Thus, let \( \theta ^{\pm }_\varphi (\mathbf {x},t) \gt 0 \). The rest of the proof is by induction on the structure of formula \( \varphi \).
Case \( \varphi =p \). Since we are given that \( \theta ^{\pm }_p(\mathbf {x},t) \gt 0 \), then due to Corollary 4.9, \( \eta ^{\pm }_p(\mathbf {x},t) \gt 0, \) which due to Theorem 4.1 leads to \( \chi _p(\mathbf {x},t)= 1 \).
Case \( \varphi =\lnot \varphi _1 \). Since \( \theta ^{\pm }_{\lnot \varphi _1}(\mathbf {x},t) \gt 0, \) then due to Equation (6) it holds that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)\lt 0 \). By the induction hypothesis for \( \varphi _1 \) we get that \( \chi _{\varphi _1}(\mathbf {x},t)=-1 \), and thus by Definition 2.1, \( \chi _{\lnot \varphi _1}(\mathbf {x},t)=-\chi _{\varphi _1}(\mathbf {x},t) =1 \).
Case \( \varphi =\varphi _1\wedge \varphi _2 \). Since \( \theta ^{\pm }_{ \varphi _1 \wedge \varphi _2}(\mathbf {x},t) = \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t) \gt 0 \), both terms are positive: \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \gt 0 \) and \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t) \gt 0 \). By the induction hypothesis we get that \( \chi _{ \varphi _1}(\mathbf {x},t)=\chi _{ \varphi _2}(\mathbf {x},t)=1 \), and thus by Definition 2.1, \( \chi _{ \varphi }(\mathbf {x},t)= \chi _{ \varphi _1}(\mathbf {x},t) \sqcap \chi _{ \varphi _2}(\mathbf {x},t)=1 \).
Case \( \varphi =\varphi _1 \mathcal {U}_I\varphi _2 \). Since \( \theta ^{\pm }_\varphi (\mathbf {x},t) \gt 0, \) then due to Lemma A.1 and Definition 3.2 for the Until operator, \( \exists t^{\prime }\in t+ I \) such that \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \ \sqcap \ \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })\gt 0 \). Now due to the infimum operators, \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \gt 0 \) and \( \forall t^{\prime \prime } \in [t,t^{\prime }) \), \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })\gt 0 \). Therefore, from the induction hypothesis, \( \exists t^{\prime }\in t+I \), \( \chi _{ \varphi _2}(\mathbf {x},t^{\prime })=1 \) and \( \forall t^{\prime \prime } \in [t,t^{\prime }) \), \( \chi _{ \varphi _1}(\mathbf {x},t^{\prime \prime })=1 \). And thus, \( \chi _{ \varphi }(\mathbf {x},t) = 1 \).
(3) We want to prove that \( \chi _\varphi (\mathbf {x},t)= 1\Longrightarrow \theta ^{\pm }_\varphi (\mathbf {x},t) \ge 0 \). Thus, let \( \chi _\varphi (\mathbf {x},t)= 1 \). The rest of the proof is by induction on the structure of formula \( \varphi \).
\( \varphi =p \). Since we are given that \( \chi _p(\mathbf {x},t) = 1, \) then due to Theorem 4.1(3) it holds that \( \eta ^{\pm }_p(\mathbf {x},t)\ge 0 \) and thus, due to Corollary 4.9, \( \theta ^{\pm }_p(\mathbf {x},t)=\eta ^{\pm }_p(\mathbf {x},t) \ge 0 \).
\( \varphi =\lnot \varphi _1 \). Since we are given that \( \chi _{\lnot \varphi _1}(\mathbf {x},t) = 1, \) then it holds that \( \chi _{\varphi _1}(\mathbf {x},t)=-1 \). By the induction hypothesis for \( \varphi _1 \), \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le 0 \), and thus due to Equation (6), \( \theta ^{\pm }_{\lnot \varphi _1}(\mathbf {x},t) = - \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \ge 0 \).
\( \varphi =\varphi _1\wedge \varphi _2 \). Since \( \chi _\varphi (\mathbf {x}, t)=\chi _{ \varphi _1}(\mathbf {x}, t) \sqcap \chi _{ \varphi _2}(\mathbf {x},t) = 1, \) then both \( \chi _{ \varphi _1}(\mathbf {x},t)=1 \) and \( \chi _{ \varphi _2}(\mathbf {x},t)=1 \). By the induction hypothesis we get that \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t)\ge 0 \) and \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)\ge 0 \) and thus, \( \theta ^{\pm }_ \varphi (\mathbf {x},t)= \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t)\sqcap \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t) \ge 0 \).
\( \varphi =\varphi _1 \mathcal {U}_I\varphi _2 \). Since \( \chi _\varphi (\mathbf {x},t)= 1, \) then from the definition of the characteristic function for the Until operator, \( \exists t^{\prime }\in t+ I \) such that \( \chi _{ \varphi _2}(\mathbf {x},t^{\prime })=1 \) and \( \forall t^{\prime \prime } \in [t,t^{\prime }) \), \( \chi _{ \varphi _1}(\mathbf {x},t^{\prime \prime }) = 1 \). By the induction hypothesis we obtain that \( \exists t^{\prime }\in t+ I \) such that \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })\ge 0 \) and \( \forall t^{\prime \prime } \in [t,t^{\prime }) \), \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })\ge 0, \) and thus, by Equation (8) we conclude that \( \theta ^{\pm }_ \varphi (\mathbf {x},t)\ge 0. \)
A.8 Proof of Corollary 4.6
Corollary 4.6 is a direct consequence of Theorem 4.5. Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {T}\rightarrow X \) be a signal, and \( t\in \mathbb {T} \) be a time point.
A.9 Proof of Theorem 4.7
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a continuous-time signal, and \( t\in \mathbb {R} \) be a time point. For any value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), we want to prove that if \( |\theta ^{\pm }_\varphi (\mathbf {x},t)| = r, \) then \( \forall t^{\prime }\in t \pm \,[0,r) \), \( \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \).
Note that the result is trivial for \( r=0 \). Therefore, let \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0 \). The rest of the proof is by induction on the structure of the formula \( \varphi \).
(1) \( \varphi =p \). Since \( |\theta ^{\pm }_p(\mathbf {x}, t)|= r, \) then due to Corollary 4.9, \( |\eta ^{\pm }_p(\mathbf {x},t)|=r \). From Theorem 4.3 we get that \( \forall t^{\prime }\in t\pm [0,r),\ \chi _p(\mathbf {x},t^{\prime })=\chi _p(\mathbf {x},t) \).
(2) \( \varphi = \lnot \varphi _1 \). Since \( |\theta ^{\pm }_{\lnot \varphi _1}(\mathbf {x},t)| =r, \) then due to Equation (6), it holds that \( |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t)|=r \). By the induction hypothesis for \( \varphi _1 \) we get that \( \forall t^{\prime }\in t\pm [0,r),\ \chi _{\varphi _1}(\mathbf {x},t^{\prime })=\chi _{\varphi _1}(\mathbf {x},t) \). Therefore, due to Definition 2.1, it holds that \( \forall t^{\prime }\in t\pm [0,r)\quad \chi _{\lnot \varphi _1}(\mathbf {x},t^{\prime }) = -\chi _{\varphi _1}(\mathbf {x},t^{\prime }) = -\chi _{\varphi _1}(\mathbf {x},t) = \chi _{\lnot \varphi _1}(\mathbf {x},t) \).
(3) \( \varphi =\varphi _1 \wedge \varphi _2 \). We consider the two separate cases of \( \chi _{\varphi }(\mathbf {x},t)= 1 \) and \( \chi _{\varphi }(\mathbf {x},t)= -1 \) as follows:
1. Let \( \chi _{\varphi }(\mathbf {x},t)= 1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(3), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = r\gt 0 \). WLOG assume that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Therefore, \( |\theta ^{\pm }_\varphi (\mathbf {x},t)|= \theta ^{\pm }_\varphi (\mathbf {x},t)\overset{(7)}{=} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)= \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)=r \). If we denote \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)=j, \) then \( 0\lt r=\theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t)=j \). From \( r\le j \) and by the induction hypothesis for \( \varphi _k \) for \( k\in \lbrace 1,2\rbrace , \) it holds that \( \forall t^{\prime }\in t\pm [0,r) \), \( \chi _{\varphi _k}(\mathbf {x},t^{\prime })=\chi _{\varphi _k}(\mathbf {x},t) \). Thus, using Definition 2.1, \( \forall t^{\prime }\in t\pm [0,r), \) it holds that \( \chi _{\varphi }(\mathbf {x},t^{\prime }) = \chi _{\varphi _1}(\mathbf {x},t^{\prime }) \sqcap \chi _{\varphi _2}(\mathbf {x},t^{\prime })= \chi _{\varphi _1}(\mathbf {x},t) \sqcap \chi _{\varphi _2}(\mathbf {x},t)= \chi _\varphi (\mathbf {x},t) \).
2. Let \( \chi _{\varphi }(\mathbf {x},t)= -1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(4), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = -r\lt 0 \). WLOG assume that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Therefore, \( -|\theta ^{\pm }_\varphi (\mathbf {x},t)|= \theta ^{\pm }_\varphi (\mathbf {x},t)\overset{(7)}{=} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)= \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)=-r\lt 0 \). Since \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)\lt 0, \) then \( \chi _{\varphi _1}(\mathbf {x},t)=-1 \). From the induction hypothesis for \( \varphi _1 \) we get that \( \forall t^{\prime }\in t\pm [0,r) \), \( \chi _{\varphi _1}(\mathbf {x},t^{\prime })=\chi _{\varphi _1}(\mathbf {x},t)=-1 \). Thus, by Definition 2.1, \( \forall t^{\prime }\in t\pm [0,r), \) it holds that \( \chi _{\varphi }(\mathbf {x},t^{\prime }) = \chi _{\varphi _1}(\mathbf {x},t^{\prime }) \sqcap \chi _{\varphi _2}(\mathbf {x},t^{\prime })= -1 \sqcap \chi _{\varphi _2}(\mathbf {x},t^{\prime })= -1= \chi _\varphi (\mathbf {x},t) \).
(4) \( \varphi = \varphi _1 \mathcal {U}_I \varphi _2 \). We consider the two separate cases of \( \chi _{\varphi }(\mathbf {x},t)= 1 \) and \( \chi _{\varphi }(\mathbf {x},t)= -1 \) as follows:
1. Let \( \chi _{\varphi }(\mathbf {x},t)= 1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(3), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = r\gt 0 \); therefore, due to Equation (8), it holds that \( \bigsqcup _{t^{\prime }\in t+I} \left(\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \ \sqcap \ \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \right) = r\gt 0 \). To prove the rest we distinguish between the cases of \( r\lt \infty \) and \( r=\infty \) as follows:
1.1. Let \( r\lt \infty \). Then due to the \( \epsilon \) definition of the supremum, the following holds: (36) \( \begin{equation} \forall \epsilon \gt 0,\ \exists t^{\prime }\in t+I,\quad \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \ \sqcap \ \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \gt r-\epsilon , \end{equation} \) which by the definition of the infimum (\( \forall x,\ \inf f(x) \le f(x) \)) further leads to \( \begin{equation} \forall \epsilon \gt 0,\ \exists t^{\prime }\in t+I\ \left(\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })\gt r-\epsilon \quad \wedge \quad \forall t^{\prime \prime } \in [t,t^{\prime }),\ \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \gt r-\epsilon \right)\hspace{-2.5pt}. \end{equation} \) Note that since \( r\gt 0, \) then using Theorem 4.5, \( \chi _{\varphi _2}(\mathbf {x},t^{\prime })=\chi _{\varphi _1}(\mathbf {x},t^{\prime \prime })=1 \). By the induction hypothesis we get that \( \begin{equation*} \begin{aligned}\forall \epsilon \gt 0,\ &\exists t^{\prime }\in t+I\ (\forall \tau \in [0,\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })),\ \chi _{\varphi _2}(\mathbf {x},t^{\prime } \pm \tau)=1\ \wedge \\ &\forall t^{\prime \prime } \in [t,t^{\prime }), \forall \tau \in [0,\theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })),\ \chi _{\varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau)=1), \end{aligned} \end{equation*} \) where \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \gt r-\epsilon \) and \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \gt r-\epsilon \). Therefore, \( [0,\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })) \supset [0, r-\epsilon) \) and \( [0,\theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })) \supset [0, r-\epsilon) \). Thus, \( \begin{equation*} \begin{aligned}\forall \epsilon \gt 0,\ &\exists t^{\prime }\in t+I\ (\forall \tau \in [0,r-\epsilon),\ \chi _{\varphi _2}(\mathbf {x},t^{\prime } \pm \tau)=1\ \wedge \\ &\forall t^{\prime \prime } \in [t,t^{\prime }), \forall \tau \in [0,r-\epsilon),\ \chi _{\varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau)=1). \end{aligned} \end{equation*} \) Therefore, due to Lemma D.1(1–3), it holds that \( \forall \epsilon \gt 0 \), \( \forall \tau \in [0,r-\epsilon) \), \( \exists t^{\prime }\in t+I \), \( \begin{equation*} \chi _{\varphi _2}(\mathbf {x},t^{\prime } \pm \tau)=1\ \wedge \ \forall t^{\prime \prime } \in [t,t^{\prime }),\ \chi _{\varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau)=1. \end{equation*} \) Thus, by Definition 2.1, \( \forall \epsilon \gt 0,\ \forall \tau \in [0,r-\epsilon) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=1 \); thus, \( \forall \tau \in [0,r) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=1 \).
1.2. Let \( r=\infty \). Then the following holds: \( \begin{equation} \forall M\in \mathbb {R},\ \exists t^{\prime }\in t+I,\quad \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \ \sqcap \ \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \gt M, \end{equation} \) which is similar to Equation (36) but uses M instead of \( r-\epsilon \). Following the above steps, one can obtain that \( \forall M\in \mathbb {R} \), \( \forall \tau \in [0,M) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=1 \), i.e., \( \forall \tau \in [0,\infty) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=1 \).
2. Let \( \chi _{\varphi }(\mathbf {x},t)= -1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(4), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = -r\lt 0 \); therefore, due to Equation (8), it holds that \( \bigsqcup _{t^{\prime }\in t+I} \left(\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \ \sqcap \ \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \right) = -r\lt 0 \). To prove the rest we distinguish between the cases of \( r=\infty \) and \( r\lt \infty \) as follows:
2.1. Let \( r=\infty \). Then we conclude that \( \forall t^{\prime }\in t+I \), \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })= -\infty \) or \( \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) = -\infty \). Therefore, by the definition of an infimum (unbounded set), the following holds: \( \begin{equation} \forall t^{\prime }\in t+I\ \left(\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })= -\infty \ \vee \ \forall M\in \mathbb {R}_+,\ \exists t^{\prime \prime }\in [t,t^{\prime }),\ \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \lt -M \right)\hspace{-2.5pt}. \end{equation} \) By the induction hypothesis and Lemma D.1(1), (2), and (4), it holds that \( \forall M\in \mathbb {R}_+ \), \( \forall \tau \in [0,M) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=-1 \); i.e., \( \forall \tau \in [0,\infty) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=-1 \).
2.2. Let \( r\lt \infty \). The supremum operator over \( t+I \) leads to each term being some \( -j_{t^{\prime }}\le -r \), and then the infimum operator leads to the following: \( \begin{equation} \forall t^{\prime }\in t+I,\ \exists j_{t^{\prime }}\ge r\gt 0\ \left(\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })= -j_{t^{\prime }} \vee \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) = -j_{t^{\prime }}\right)\hspace{-2.5pt}. \end{equation} \) Take any \( t^{\prime }\in t+I \); we will work with each \( j_{t^{\prime }} \) separately. We will distinguish between the cases of \( j_{t^{\prime }}\lt \infty \) and \( j_{t^{\prime }}=\infty \) as follows:
Note that Equations (42) and (44) are equivalent; therefore, they hold regardless of each \( j_{t^{\prime }} \) value. Thus, it holds that \( \forall t^{\prime }\in t+I \), \( \forall \tau \in [0, r) \), \( \chi _{ \varphi _2}(\mathbf {x},t^{\prime } \pm \tau)\ \sqcap \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \chi _{ \varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau)=-1 \), which due to Lemma D.1(1) leads to \( \forall \tau \in [0, r) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=-1 \).
A.10 Proof of Equation (11) (Theorem 4.7 for Discrete-time)
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {Z}\rightarrow X \) be a discrete-time signal, and \( t\in \mathbb {Z} \) be a time point. For any value \( r\in \mathbb {Z}_{\ge 0} \), we want to prove that if \( |\theta ^{\pm }_\varphi (\mathbf {x},t)| = r, \) then \( \forall t^{\prime }\in t \pm \,[0,r] \), \( \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \). Note that the result is trivial for \( r=0 \). Therefore, let \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0 \). The rest of the proof is by induction on the structure of the formula \( \varphi \) and follows the similar steps as Section A.9; therefore, we only present the base case.
Base case \( \varphi =p \). Since \( |\theta ^{\pm }_p(\mathbf {x}, t)|= r, \) then due to Corollary 4.9, \( |\eta ^{\pm }_p(\mathbf {x},t)|=r \). From Equation (9), i.e., Theorem 4.3 for discrete-time, we get that \( \forall t^{\prime }\in t\pm [0,r],\ \chi _p(\mathbf {x},t^{\prime })=\chi _p(\mathbf {x},t) \).
A.11 Proof of Theorem 4.8
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a continuous-time signal, and \( t\in \mathbb {R} \) be a time point. For any value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), we want to prove that if \( |\theta ^{\pm }_\varphi (\mathbf {x},t)| = r, \) then \( \forall \tau \in [0,r) \), \( |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| \ge r-\tau \).
Note that the result is trivial for \( r=0 \). Therefore, let \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0 \). The rest of the proof is by induction on the structure of the formula \( \varphi \).
Case \( \varphi =p \). Let \( |\theta ^{\pm }_p(\mathbf {x}, t)|= r \). Then due to Corollary 4.9, \( |\eta ^{\pm }_p(\mathbf {x}, t)|= r, \) and by Theorem 4.4, \( \forall \tau \in [0, r) \), \( |\eta ^{\pm }_{p}(\mathbf {x},t \pm \tau)| = r-\tau \), which again due to Corollary 4.9 leads to \( \forall \tau \in [0, r) \), \( |\theta ^{\pm }_{p}(\mathbf {x},t \pm \tau)| = r-\tau \).
Case \( \varphi = \lnot \varphi _1 \). Since \( |\theta ^{\pm }_{\lnot \varphi _1}(\mathbf {x},t)| =r, \) then due to Equation (6) it holds that \( |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t)|=r \). By the induction hypothesis for \( \varphi _1 \) we get that \( \forall \tau \in [0, r) \), \( |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t \pm \tau)| \ge r-\tau \). Therefore, due to Definition 3.2, it holds that \( \forall \tau \in [0,r) \), \( |\theta ^{\pm }_{\lnot \varphi _1}(\mathbf {x},t \pm \tau)|= |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t \pm \tau)| \ge r-\tau \).
Case | \( \varphi =\varphi _1 \wedge \varphi _2 \). We consider the two separate cases of \( \chi _{\varphi }(\mathbf {x},t)= 1 \) and \( \chi _{\varphi }(\mathbf {x},t)= -1 \) as follows: 1. Let \( \chi _{\varphi }(\mathbf {x},t)= 1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(3), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = r\gt 0 \). WLOG assume that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Therefore, \( |\theta ^{\pm }_\varphi (\mathbf {x},t)|= \theta ^{\pm }_\varphi (\mathbf {x},t)\overset{(7)}{=} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)= \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)=r \). If we denote \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)=j, \) then \( 0\lt r=\theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t)=j \). Since \( \chi _{\varphi }(\mathbf {x},t)=1, \) then due to Definition 2.1, \( \chi _{\varphi _1}(\mathbf {x},t)=\chi _{\varphi _2}(\mathbf {x},t)=1, \) and since \( r\le j, \) then according to Theorem 4.7, \( \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi _k}(\mathbf {x},t^{\prime })=1 \) for both \( k\in \lbrace 1,2\rbrace \). Due to Theorem 4.5, item 3, \( \forall t^{\prime }\in t\pm [0, r) \), \( \theta ^{\pm }_{\varphi _k}(\mathbf {x}, t^{\prime }) \ge 0, \) and thus, \( \theta ^{\pm }_{\varphi }(\mathbf {x}, t^{\prime }) \ge 0 \). From \( r\le j \) and the induction hypothesis we get that \( \forall \tau \in [0, r) \), \( |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t \pm \tau)| \ge r-\tau \) and \( \forall \tau \in [0, j) \), \( |\theta ^{\pm }_{\varphi _2}(\mathbf {x},t \pm \tau)| \ge j -\tau \ge r-\tau \). 
Since \( [0, r)\subseteq [0, j) \), using Definition 3.2, we can conclude that \( \forall \tau \in [0,r) \), \( |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| = \theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau) = \theta ^{\pm }_{\varphi _1}(\mathbf {x},t \pm \tau) \sqcap \theta ^{\pm }_{\varphi _2}(\mathbf {x},t \pm \tau) \ge r-\tau \). 2. Let \( \chi _{\varphi }(\mathbf {x},t)= -1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(4), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = -r\lt 0 \). WLOG assume that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Therefore, \( -|\theta ^{\pm }_\varphi (\mathbf {x},t)|= \theta ^{\pm }_\varphi (\mathbf {x},t)\overset{(7)}{=} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)= \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)=-r\lt 0 \), i.e., \( |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t)| = -\theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \). Now from the induction hypothesis for \( \varphi _1 \) we get that \( \forall \tau \in [0, r) \), \( |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t \pm \tau)| \ge r-\tau \). Note that since \( \theta ^{\pm }_{\varphi }(\mathbf {x},t)=-r, \) then due to Theorem 4.7, \( \forall t^{\prime }\in t\pm [0,r) \), \( \chi _{\varphi }(\mathbf {x}, t^{\prime }) =-1, \) and thus, due to Theorem 4.5, item 4, \( \theta ^{\pm }_{\varphi }(\mathbf {x}, t^{\prime }) \le 0 \). Thus, using Definition 3.2, we can conclude that \( \forall \tau \in [0,r) \), \( |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| = -\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau) =-\theta ^{\pm }_{\varphi _1}(\mathbf {x},t \pm \tau) \sqcup -\theta ^{\pm }_{\varphi _2}(\mathbf {x},t \pm \tau) =\ |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t \pm \tau)| \sqcup -\theta ^{\pm }_{\varphi _2}(\mathbf {x},t \pm \tau) \ge r-\tau \). | ||||||||||||||||
(4) | \( \varphi = \varphi _1\mathcal {U}_I \varphi _2 \). The proof is analogous to Section A.9. We consider the two separate cases of \( \chi _{\varphi }(\mathbf {x},t)= 1 \) and \( \chi _{\varphi }(\mathbf {x},t)= -1 \) as follows: 1. Let \( \chi _{\varphi }(\mathbf {x},t)= 1 \). Since \( \chi _{\varphi }(\mathbf {x},t)= 1, \) then due to Theorem 4.7, \( \forall \tau \in [0, r) \), \( \chi _ \varphi (\mathbf {x},t \pm \tau)=1, \) and thus, due to Theorem 4.5, \( \forall \tau \in [0, r) \), \( \theta ^{\pm }_ \varphi (\mathbf {x},t \pm \tau) \ge 0 \). Same as in Section A.9, to prove the rest we distinguish between the cases of \( r\lt \infty \) and \( r=\infty \) as follows: 1.1. Let \( r\lt \infty \). Then Equation (37) holds. Note that since \( r\gt 0, \) then \( |\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })|= \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })\gt 0 \) and \( |\theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })|=\theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })\gt 0, \) and then according to Theorems 4.5 and 4.7, item 3, \( \forall \tau \in [0, \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })) \), \( \theta ^{\pm }_{\varphi _2}(\mathbf {x}, t^{\prime } \pm \tau) \ge 0, \) and \( \forall \tau \in [0, \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })) \), \( \theta ^{\pm }_{\varphi _1}(\mathbf {x}, t^{\prime \prime } \pm \tau) \ge 0 \). 
Applying the induction hypothesis, we get \( \begin{equation*} \begin{aligned}\forall \epsilon \gt 0,\ &\exists t^{\prime }\in t+I\ (\forall \tau \in [0,\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })),\ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime } \pm \tau)\ge \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })-\tau \ \wedge \\ &\forall t^{\prime \prime } \in [t,t^{\prime }), \forall \tau \in [0,\theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })),\ \theta ^{\pm }_{\varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau)\ge \theta ^{\pm }_{\varphi _1}(\mathbf {x},t^{\prime \prime }) - \tau), \end{aligned} \end{equation*} \) where \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime }) \gt r-\epsilon \) and \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \gt r-\epsilon \). Therefore, \( [0,\theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime })) \supset [0,r-\epsilon) \) and \( [0,\theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })) \supset [0, r-\epsilon) \). Next, applying Lemma D.1(1)–(3) and Definition 3.2, it holds that \( \forall \epsilon \gt 0 \), \( \forall \tau \in [0,r-\epsilon) \), \( \theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau) \gt r-\epsilon -\tau \). Thus,\( {^{10}} \) it holds that \( \forall \tau \in [0, r) \), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t \pm \tau) \ge r-\tau \). 1.2. Let \( r=\infty \). Then Equation (38) holds. Using the definition of an infimum (unbounded set) together with an induction hypothesis, we can conclude that \( \forall M\in \mathbb {R} \), \( \forall \tau \in [0,M) \), \( \theta ^\pm _{\varphi }(\mathbf {x},t \pm \tau) \gt M-\tau \); thus,\( {^{11}} \) \( \forall \tau \in [0,\infty) \), \( \theta ^\pm _{\varphi }(\mathbf {x},t \pm \tau)=\infty \). 2. Let \( \chi _{\varphi }(\mathbf {x},t)= -1 \). 
Since \( \chi _{\varphi }(\mathbf {x},t)= -1, \) then due to Theorem 4.7, \( \forall \tau \in [0, r) \), \( \chi _ \varphi (\mathbf {x},t \pm \tau)=-1, \) and thus, due to Theorem 4.5, \( \forall \tau \in [0, r) \), \( \theta ^{\pm }_ \varphi (\mathbf {x},t \pm \tau) \le 0 \). Same as in Section A.9, to prove the rest we distinguish between the cases of \( r=\infty \) and \( r\lt \infty \) as follows: 2.1. Let \( r=\infty \). Then Equation (39) holds. By the induction hypothesis and Lemma D.1(1), (2), (4), it holds that \( \forall M\in \mathbb {R}_+ \), \( \forall \tau \in [0,M) \), \( \theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau) \le -M+\tau \), and thus,\( {^{{11}}} \) \( \forall \tau \in [0,\infty) \), \( \theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau) = -\infty \), which means \( \forall \tau \in [0, r) \), \( |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| \ge r-\tau \). 2.2. Let \( r\lt \infty \). Then Equation (40) holds. Take any \( t^{\prime }\in t+I \). Same as in Section A.9, we will work with each \( j_{t^{\prime }} \) separately. We will distinguish between the cases of \( j_{t^{\prime }}\lt \infty \) and \( j_{t^{\prime }}=\infty \) as follows:
Note that Equations (45) and (46) are equivalent; therefore, they hold regardless of each \( j_{t^{\prime }} \) value. Thus, it holds that \( \forall t^{\prime }\in t+I \), \( \forall \tau \in [0, r) \), \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t^{\prime } \pm \tau)\ \sqcap \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau) \le -r+\tau \), which due to Lemma D.1(1) leads to \( \forall \tau \in [0, r) \), \( \theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau) \le -r+\tau \); thus, \( \forall \tau \in [0, r) \), \( |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| \ge r-\tau \).
A.12 Proof of Equation (12) (Theorem 4.8 for Discrete-time)
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {Z}\rightarrow X \) be a discrete-time signal, and \( t\in \mathbb {Z} \) be a time point. For any value \( r\in \mathbb {Z}_{\ge 0} \), we want to prove that if \( |\theta ^{\pm }_\varphi (\mathbf {x},t)| = r, \) then \( \forall \tau \in [0,r] \), \( |\theta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| \ge r-\tau \). Note that the result is trivial for \( r=0 \). Therefore, let \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0 \). The rest of the proof is by induction on the structure of the formula \( \varphi \) and follows the similar steps as Section A.11; therefore, we only present the base case.
Base case \( \varphi =p \). Since \( |\theta ^{\pm }_p(\mathbf {x}, t)|= r, \) then due to Corollary 4.9, \( |\eta ^{\pm }_p(\mathbf {x},t)|=r \). From Equation (10), i.e., Theorem 4.4 for discrete-time, we get that \( \forall \tau \in [0, r] \), \( |\eta ^{\pm }_{\varphi }(\mathbf {x},t \pm \tau)| = r-\tau \), which again due to Corollary 4.9 leads to \( \forall \tau \in [0, r] \), \( |\theta ^{\pm }_{p}(\mathbf {x},t \pm \tau)| = r-\tau \).
A.13 Proof of Theorem 4.10
Given an STL formula \( \varphi \) and a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \), we want to show that \( |\theta ^{\pm }_\varphi (\mathbf {x},t) | \le |\eta ^{\pm }_\varphi (\mathbf {x},t)| \) for any \( t\in \mathbb {T} \). Let \( |\theta ^{\pm }_\varphi (\mathbf {x},t) |=r\ge 0 \). According to Theorem 4.7, \( \forall t^{\prime }\in t\pm [0,r),\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \). To prove the rest we distinguish between the cases of \( r=\infty \) and \( r\lt \infty \) as follows. If \( r=\infty , \) then due to Theorem 4.3, \( |\eta ^{\pm }_\varphi (\mathbf {x},t) | =\infty =|\theta ^{\pm }_\varphi (\mathbf {x},t)| \). Now consider the case when \( r\lt \infty \). There exist two separate cases: either it holds that (a) \( \forall \epsilon \gt 0 \), \( \exists \tau \in [r, r+\epsilon) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)\not=\chi _\varphi (\mathbf {x},t) \) or the opposite holds; i.e., it holds that (b) \( \exists \epsilon \gt 0 \), \( \forall \tau \in [r, r+\epsilon) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=\chi _\varphi (\mathbf {x},t) \). In case of condition (a), due to Theorem 4.3, we can conclude that \( |\eta ^{\pm }_\varphi (\mathbf {x},t) | =r \). Now consider the case (b). By assumption we know that \( \forall t^{\prime }\in t\pm [0,r),\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \), which in combination with condition (b) leads to \( \exists \epsilon \gt 0 \), \( \forall t^{\prime }\in t\pm [0,r+\epsilon),\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t) \). Therefore, \( \forall t^{\prime }\in t\pm [0,r] \), \( \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t), \) or in other words, \( r\in \varUpsilon =\lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _\varphi (\mathbf {x},t^{\prime })=\chi _\varphi (\mathbf {x},t)\rbrace \). 
Therefore, \( r\le \sup \varUpsilon = |\eta ^{\pm }_\varphi (\mathbf {x},t) | \).
A.14 Proof of Lemma 4.11
Consider a formula \( \varphi \in \text{STL}^{\!+}(\wedge ,\square _I) \) and a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \). We want to show that for any \( t\in \mathbb {T} \) such that \( \chi _\varphi (\mathbf {x},t)=1 \) it follows that \( \eta ^{\pm }_\varphi (\mathbf {x},t)=\theta ^{\pm }_\varphi (\mathbf {x},t) \). The proof is by induction on the structure of the formula \( \varphi \in \text{STL}^{\!+}(\wedge ,\square _I) \).
Case \( \varphi =p \) and \( \varphi =\lnot p \). Immediately follows from Corollary 4.9, e.g., \( \quad \eta ^{\pm }_{\lnot p}(\mathbf {x},t) \overset{\text{Lemma}~{D.3}}{=} -\eta ^{\pm }_{p}(\mathbf {x},t) \overset{\text{Cor.}{4.9}}{=} -\theta ^{\pm }_{p}(\mathbf {x},t) \overset{(6)}{=} \theta ^{\pm }_{\lnot p}(\mathbf {x},t) \).
Case | \( \varphi =\varphi _1\wedge \varphi _2 \). First note that since \( \chi _{\varphi }(\mathbf {x},t)=1, \) then due to Theorem 4.1, \( \theta ^{\pm }_{\varphi }(\mathbf {x},t)\ge 0 \) and \( \eta ^{\pm }_{\varphi }(\mathbf {x},t)\ge 0 \). Also by Definition 2.1, for \( k\in \lbrace 1,2\rbrace \), \( \chi _{\varphi _k}(\mathbf {x},t)=1 \) and \( \chi _{\varphi _k}(\mathbf {x},t)=1, \) and thus, \( \theta ^{\pm }_{\varphi _k}(\mathbf {x},t)\ge 0 \) and \( \eta ^{\pm }_{\varphi _k}(\mathbf {x},t)\ge 0 \). WLOG assume that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). From the induction hypothesis for \( \varphi _k \) for \( k\in \lbrace 1,2\rbrace \) we get that \( \eta ^{\pm }_{\varphi _1}(\mathbf {x},t)=\theta ^{\pm }_{\varphi _1}(\mathbf {x},t)\le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t)=\eta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Then it holds that \( \theta ^{\pm }_{\varphi }(\mathbf {x},t)= \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)= \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)\le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t)=\eta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Let \( \theta ^{\pm }_{\varphi }(\mathbf {x},t) = r \) for some \( r\in \overline{ \mathbb {R}}_{\ge 0} \) or \( r\in \overline{\mathbb {Z}}_{\ge 0} \) depending on \( \mathbb {T}=\lbrace \mathbb {R},\mathbb {Z}\rbrace \). Thus, \( \eta ^{\pm }_{\varphi _1}(\mathbf {x},t)=r \) and \( \eta ^{\pm }_{\varphi _2}(\mathbf {x},t)\ge r \). Then according to Theorem 4.3, \( \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi _k}(\mathbf {x},t^{\prime })=1 \) for both \( k\in \lbrace 1,2\rbrace \), which by Definition 2.1 leads to \( \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=1 \). We distinguish between the cases of \( r=\infty \) and \( r\lt \infty \) as follows: 1. Let \( r=\infty \). 
Since \( \forall t^{\prime }\in t\pm [0, \infty),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _{\varphi }(\mathbf {x},t) \), by Theorem 4.3 we get that \( |\eta _{\varphi }^{\pm }(\mathbf {x},t)|=\infty \). 2. Let \( r\lt \infty \). Since \( \eta ^{\pm }_{\varphi _1}(\mathbf {x}, t)=r\lt \infty , \) then from Theorem 4.3, we get that \( \forall \epsilon \gt 0,\ \exists \tau \in [r, r+\epsilon),\ \chi _{\varphi _1}(\mathbf {x},t \pm \tau)=-1 \), which means that \( \forall \epsilon \gt 0,\ \exists \tau \in [r, r+\epsilon),\ \chi _{\varphi }(\mathbf {x},t \pm \tau)=-1 \sqcap \chi _{\varphi _2}(\mathbf {x},t \pm \tau)=-1 \) and in combination with obtained \( \forall t^{\prime }\in t\pm [0, r),\ \chi _{\varphi }(\mathbf {x},t^{\prime })=1 \) by Theorem 4.3 we get that \( |\eta _{\varphi }^{\pm }(\mathbf {x},t)|=r \). In both cases, since \( \eta _{\varphi }^{\pm }(\mathbf {x},t)\ge 0, \) then \( \eta _{\varphi }^{\pm }(\mathbf {x},t)=|\eta _{\varphi }^{\pm }(\mathbf {x},t)|=r=\theta _{\varphi }^{\pm }(\mathbf {x},t) \).
Case | \( \varphi =\square _I \varphi _1 \). First note that since \( \chi _{\varphi }(\mathbf {x},t)=1, \) then due to Definition 2.1, \( \forall t^{\prime }\in t+ I \), \( \chi _{\varphi _1}(\mathbf {x},t^{\prime })=1 \); due to Theorem 4.1, \( |\eta ^{\pm }_{\varphi }(\mathbf {x},t)|=\eta ^{\pm }_{\varphi }(\mathbf {x},t); \) and due to Theorem 4.5, \( |\theta ^{\pm }_{\varphi }(\mathbf {x},t)|=\theta ^{\pm }_{\varphi }(\mathbf {x},t) \). From the induction hypothesis we get that \( \forall t^{\prime }\in t+I \), \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)=\eta ^{\pm }_{\varphi _1}(\mathbf {x},t) \). Let \( \theta ^{\pm }_{\varphi }(\mathbf {x},t) = r \). Then by Definition 3.2, \( \sqcap _{t^{\prime }\in t+ I} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime }) =r \). Next we consider the cases of \( r=\infty \) and \( r\lt \infty \). 1. Let \( r=\infty \). Since \( \sqcap _{t^{\prime }\in t+ I} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime }) =\infty \), then it holds that \( \forall t^{\prime }\in t+I \), \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime }) =\infty , \) which by the induction hypothesis leads to \( \forall t^{\prime }\in t+I \), \( \eta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime }) =\infty \). According to Theorem 4.3, \( \forall t^{\prime }\in t+I \), \( \forall \tau \in [0, \infty),\ \chi _{\varphi _1}(\mathbf {x}, t^{\prime } \pm \tau)=1, \) which by Theorem 4.3 leads to \( \eta ^{\pm }_{\varphi }(\mathbf {x},t)=|\eta ^{\pm }_{\varphi }(\mathbf {x},t)|=\infty =\theta ^{\pm }_{\varphi }(\mathbf {x},t) \). 2. Let \( r\lt \infty \). Then by the definition of infimum, \( \forall t^{\prime }\in t+I \), \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime }) \ge r \) and \( \forall \epsilon \gt 0 \), \( \exists t^{\prime \prime }\in t+I \) such that \( r\le \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) \lt r+\epsilon \). 
The first condition due to Theorem 4.7 leads to \( \forall t^{\prime }\in t +I \), \( \forall \tau \in [0,r) \), \( \chi _{\varphi _1}(\mathbf {x},t^{\prime }\pm \tau)=1, \) which by Definition 2.1 leads to \( \forall t^{\prime }\in t\pm [0, r) \), \( \chi _\varphi (\mathbf {x}, t^{\prime })=1 \). The second condition due to an induction hypothesis can be rewritten as \( \forall \epsilon \gt 0 \), \( \exists t^{\prime \prime }\in t+I \), \( \exists j\in [r, r+\epsilon) \), \( \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime })=\eta ^{\pm }_{ \varphi _1}(\mathbf {x},t^{\prime \prime }) = j \). Since \( r\lt \infty , \) then due to Theorem 4.3 we get that \( \forall \epsilon \gt 0 \), \( \exists t^{\prime \prime }\in t+I \), \( \exists j\in [r, r+\epsilon) \), \( \forall \epsilon ^{\prime }\gt 0 \), \( \exists \tau \in [j, j+\epsilon ^{\prime }) \), \( \chi _{\varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau)=-1 \). This, due to Lemma D.1(1), (2), leads to \( \forall \epsilon \gt 0 \), \( \exists \tau \in [r, r+\epsilon) \), \( \exists t^{\prime \prime }\in t+I \), \( \chi _{\varphi _1}(\mathbf {x},t^{\prime \prime } \pm \tau)=-1, \) and by Definition 2.1 we get that \( \forall \epsilon \gt 0 \), \( \exists \tau \in [r, r+\epsilon) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=-1 \). Thus, we obtained that \( \forall t^{\prime }\in t\pm [0, r) \), \( \chi _\varphi (\mathbf {x}, t^{\prime })=1 \) and \( \forall \epsilon \gt 0 \), \( \exists \tau \in [r, r+\epsilon) \), \( \chi _{\varphi }(\mathbf {x},t \pm \tau)=-1, \) which by Theorem 4.3 leads to \( |\eta ^{\pm }_{\varphi }(\mathbf {x},t)|=r \). Since \( \chi _{\varphi }(\mathbf {x},t)=1 \), we obtain that \( \eta ^{\pm }_{\varphi }(\mathbf {x},t)=|\eta ^{\pm }_{\varphi }(\mathbf {x},t)|=r=\theta ^{\pm }_{\varphi }(\mathbf {x},t) \).
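The inequality of Theorem 4.10 and the equality of Lemma 4.11 can be checked by brute force in discrete time; the following is an added example, not code from the article. It assumes right shifts only (the \( + \) of \( \pm \)), bounded \( \square _I \) and \( \Diamond _I \) in place of \( \mathcal {U}_I \), signals held at their last sample, and a hypothetical tuple encoding of formulas; predicate-level robustness is computed from the set \( \varUpsilon \) of Section A.13, and the names `eta_plus`, `evaluate`, `shift` and the check functions are illustrative.

```python
import math
from itertools import product

INF = math.inf

def clamp(seq, t):
    # Assumption: the signal is held at its last sample beyond the window.
    return seq[min(t, len(seq) - 1)]

def eta_plus(chi):
    """Right temporal robustness of a +1/-1 sequence:
    chi(t) * max{tau >= 0 : chi is constant on [t, t + tau]}."""
    n, out = len(chi), []
    for t in range(n):
        tau = 0
        while t + tau + 1 < n and chi[t + tau + 1] == chi[t]:
            tau += 1
        never_flips = t + tau + 1 >= n  # constant up to the held tail
        out.append(chi[t] * (INF if never_flips else tau))
    return out

def evaluate(phi, leaves):
    """Negation / min / max recursion shared by chi and theta; only the
    values stored at the predicate leaves differ between the two."""
    op = phi[0]
    if op == "p":
        return list(leaves[phi[1]])
    if op == "not":
        return [-v for v in evaluate(phi[1], leaves)]
    if op in ("and", "or"):
        pick = min if op == "and" else max
        left, right = evaluate(phi[1], leaves), evaluate(phi[2], leaves)
        return [pick(a, b) for a, b in zip(left, right)]
    if op in ("G", "F"):  # always / eventually over t + [lo, hi]
        pick = min if op == "G" else max
        _, lo, hi, sub = phi
        s = evaluate(sub, leaves)
        return [pick(clamp(s, u) for u in range(t + lo, t + hi + 1))
                for t in range(len(s))]
    raise ValueError(f"unknown operator {op!r}")

def chi(phi, preds):    # satisfaction, leaves are +1/-1 predicate values
    return evaluate(phi, preds)

def theta(phi, preds):  # asynchronous: recursion over predicate robustness
    return evaluate(phi, [eta_plus(p) for p in preds])

def eta(phi, preds):    # synchronous: robustness of chi_phi itself
    return eta_plus(chi(phi, preds))

def shift(preds, taus):
    """Asynchronous shift: predicate k is read tau_k steps ahead."""
    return [[clamp(p, t + tau) for t in range(len(p))]
            for p, tau in zip(preds, taus)]

P0, P1 = ("p", 0), ("p", 1)
GENERAL = [("or", P0, P1), ("and", P0, ("not", P1)), ("F", 0, 2, P0),
           ("G", 1, 2, ("or", P0, P1)), ("not", ("F", 0, 1, ("and", P0, P1)))]
AND_ALWAYS = [("and", P0, P1), ("G", 0, 2, P0),
              ("G", 1, 2, ("and", P0, ("not", P1)))]

def all_signals(n):
    # Every pair of +1/-1 predicate sequences of length n (constructed input).
    for bits in product((1, -1), repeat=2 * n):
        yield [list(bits[:n]), list(bits[n:])]

def count_violations_thm_4_10(n=6):
    """Number of (signal, formula, t) with |theta| > |eta|; expected 0."""
    bad = 0
    for preds in all_signals(n):
        for phi in GENERAL + AND_ALWAYS:
            th, et = theta(phi, preds), eta(phi, preds)
            bad += sum(abs(a) > abs(b) for a, b in zip(th, et))
    return bad

def check_lemma_4_11(n=6):
    """(satisfied points checked, points where eta != theta)."""
    checked = mismatches = 0
    for preds in all_signals(n):
        for phi in AND_ALWAYS:
            c, th, et = chi(phi, preds), theta(phi, preds), eta(phi, preds)
            for t in range(n):
                if c[t] == 1:
                    checked += 1
                    mismatches += th[t] != et[t]
    return checked, mismatches

if __name__ == "__main__":
    # Constructed signal where the bound of Theorem 4.10 is strict.
    preds = [[1, 1, 1, -1, -1, -1], [-1, -1, 1, 1, 1, 1]]
    phi = ("or", P0, P1)
    print("theta:", theta(phi, preds)[0], "eta:", eta(phi, preds)[0])
    print("chi after shifting p0 alone by 3:", chi(phi, shift(preds, (3, 0)))[0])
    print("Theorem 4.10 violations:", count_violations_thm_4_10())
    print("Lemma 4.11 (checked, mismatches):", check_lemma_4_11())
```

For the constructed disjunction the gap is strict: the formula holds at every time, so no synchronous shift breaks it, while shifting the first predicate alone by three steps does.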
A.15 Proof of Lemma 4.12
Consider a formula \( \varphi \in \text{STL}^{\!+}(\vee ,\Diamond _I) \) and a signal \( \mathbf {x}:\mathbb {T}\rightarrow X \). We want to show that for any \( t\in \mathbb {T} \) such that \( \chi _\varphi (\mathbf {x},t)=1 \) it follows that \( \eta ^{\pm }_\varphi (\mathbf {x},t)=\theta ^{\pm }_\varphi (\mathbf {x},t) \). Since \( \varphi \in \text{STL}^{\!+}(\vee ,\Diamond _I), \) then \( \psi :={\bf nnf}(\lnot \varphi)\in \text{STL}^{\!+}(\wedge ,\square _I) \). Also, since we know that \( \chi _{ \varphi }(\mathbf {x},t)=-1, \) then \( \chi _{\psi }(\mathbf {x},t)=1 \). Therefore, the following sequence holds: \( \eta ^{\pm }_\varphi (\mathbf {x},t) \overset{\text{Lemma}~{D.3}}{=} -\eta ^{\pm }_{\lnot \varphi }(\mathbf {x},t) \overset{\psi ={\bf nnf}(\lnot \varphi)}{=} -\eta ^{\pm }_{\psi }(\mathbf {x},t) \overset{\text{Lemma}~{4.11}}{=} -\theta ^{\pm }_\psi (\mathbf {x},t) \overset{(7)}{=} \theta ^{\pm }_{\varphi }(\mathbf {x},t) \).
B PROOFS OF SECTION 5
B.1 Proof of Remark 5.1
We want to show that for a signal \( \mathbf {s}=\mathbf {x}^{\leftrightarrows \tau } \) it holds that \( \forall p_k\in AP \) and \( \forall t\in \mathbb {T} \), \( \chi _{p_k}^{}(\mathbf {s}, t)= \chi _{p_k}(\mathbf {x}, t\pm \tau) \). By Definition 2.1, \( \forall p_k\in AP \), \( \forall t\in \mathbb {T} \), \( \chi _{p_k}(\mathbf {s}, t)\overset{\text{Def.}{2.1}}{=} \operatorname{sign}\mu _k(\mathbf {s}_t) = \operatorname{sign}\mu _k(\mathbf {x}_{t \pm \tau }) \overset{\text{Def.}{2.1}}{=} \chi _{p_k}(\mathbf {x}, t\pm \tau) \).
B.2 Proof of Corollary 5.2
Given a formula \( \varphi \) built upon the predicate set AP, \( \tau \in \mathbb {T}_{\ge 0} \) and signal \( \mathbf {x}:\mathbb {T}\rightarrow X \), we want to show that \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)=\chi _\varphi (\mathbf {x}, t\pm \tau) \), \( \forall t\in \mathbb {T} \). The proof is by induction on the structure of the formula \( \varphi \).
Case \( \varphi =p_k \), \( \forall p_k\in AP \). Then by Definition 5.1, for any \( p_k\in AP \), \( \forall t\in \mathbb {T} \), \( \chi _{p_k}^{}(\mathbf {x}^{\leftrightarrows \tau }, t)=\chi _{p_k}(\mathbf {x}, t \pm \tau) \).
Case \( \varphi =\lnot \varphi _1 \). Then due to the induction hypothesis for \( \varphi _1 \) and Definition 2.1, it holds that \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau },t) =-\chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \tau },t) \overset{\text{Ind.H.}}{=}-\chi _{\varphi _1}(\mathbf {x}, t\pm \tau) = \chi _\varphi (\mathbf {x}, t\pm \tau) \), \( \forall t\in \mathbb {T} \).
Case \( \varphi =\varphi _1 \wedge \varphi _2 \). Then due to the induction hypothesis for \( \varphi _k \), \( k\in \lbrace 1,2\rbrace \) and Definition 2.1, it holds that \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau },t) \overset{\text{Def.2.1}}{=}\chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \tau },t) \sqcap \chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \tau },t) \overset{\text{Ind.Hyp.}}{=}\chi _{\varphi _1}(\mathbf {x}, t\pm \tau)\sqcap \chi _{\varphi _2}(\mathbf {x}, t\pm \tau) \overset{\text{Def.2.1}}{=} \chi _\varphi (\mathbf {x}, t\pm \tau) \).
Case \( \varphi =\varphi _1\mathcal {U}_I \varphi _2 \). Follows directly from the induction hypothesis and Definition 2.1 as follows: \( \forall t\in \mathbb {T} \), \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau },t) \overset{\text{Def.~2.1}}{=} \bigsqcup _{t^{\prime }\in t+ I} \left(\chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \tau },t^{\prime }) \sqcap \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \tau },t^{\prime \prime })\right) \overset{\text{Ind.Hyp.}}{=} \bigsqcup _{t^{\prime }\in t+ I} \left(\chi _{\varphi _2}(\mathbf {x},t^{\prime }\pm \tau) \sqcap \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \chi _{\varphi _1}(\mathbf {x},t^{\prime \prime }\pm \tau)\right)= \bigsqcup _{t^{\prime }\in t\pm \tau + I} \left(\chi _{\varphi _2}(\mathbf {x},t^{\prime }) \sqcap \sqcap _{t^{\prime \prime } \in [t\pm \tau ,t^{\prime })} \chi _{\varphi _1}(\mathbf {x},t^{\prime \prime })\right) \overset{\text{Def.~2.1}}{=} \chi _\varphi (\mathbf {x}, t\pm \tau) \).
B.3 Proof of Theorem 5.3
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a continuous-time signal, and \( t\in \mathbb {R} \) be a time point. For any value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), we want to prove that the synchronous temporal robustness \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r \) if and only if \( \forall \tau \in [0,r) \), \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)=\chi _\varphi (\mathbf {x}, t), \) and if \( r\lt \infty , \) then \( \forall \epsilon \gt 0 \), \( \exists \tau \in [r, r+\epsilon) \), \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)\not=\chi _\varphi (\mathbf {x}, t) \). Let \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r \). Then the result follows directly from Theorem 4.3 and Corollary 5.2.
B.4 Proof of Equation (15) (Theorem 5.3 for Discrete-time)
Let \( \varphi \) be an STL formula, \( \mathbf {x}:\mathbb {Z}\rightarrow X \) be a discrete-time signal, and \( t\in \mathbb {Z} \) be a time point. For any finite value \( r\in \mathbb {Z}_{\ge 0} \), we want to prove that the synchronous temporal robustness \( |\eta ^{\pm }_\varphi (\mathbf {x}, t)|=r \) if and only if \( \forall t^{\prime }\in t\pm [0, r] \), \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \tau }, t)=\chi _\varphi (\mathbf {x}, t), \) and \( \chi _\varphi (\mathbf {x}^{\leftrightarrows r+1}, t)\not=\chi _\varphi (\mathbf {x}, t) \).
Let \( |\eta ^{\pm }_\varphi (\mathbf {x},t)| =r \). Then the result follows directly from Equation (9) and Corollary 5.2.
B.5 Proof of Theorem 5.4
Let \( \varphi \) be an STL formula built upon the predicate set \( AP:=\lbrace p_1,\ldots ,p_L\rbrace \), \( \mathbf {x}:\mathbb {R}\rightarrow X \) be a continuous-time signal, and \( t\in \mathbb {R} \) be a time point. For any value \( r\in \overline{ \mathbb {R}}_{\ge 0} \), we want to prove that if the asynchronous temporal robustness \( |\theta ^{\pm }_\varphi (\mathbf {x},t)| = r, \) then \( \forall \tau _1,\ldots ,\tau _L\in [0, r) \), \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=\chi _\varphi (\mathbf {x}, t) \).
Note that the result is trivial for \( r=0 \). Therefore, let \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0 \). The rest of the proof is by induction on the structure of the formula \( \varphi \).
Case \( \varphi =p_k\in AP \). Since \( |\theta ^{\pm }_{p_k}(\mathbf {x}, t)|=r, \) then due to Theorem 4.7, \( \forall \tau \in [0, r),\ \chi _{p_k}(\mathbf {x}, t\pm \tau)=\chi _{p_k}(\mathbf {x},t) \). Using Definition 5.2, it leads to \( \forall \tau _1,\ldots ,\tau _L\in [0, r) \), \( \chi _{p_k}(\mathbf {x}^{\leftrightarrows \bar{\tau }}, t)\overset{\text{Def.}~{5.2}}{=} \chi _{p_k}(\mathbf {x}, t\pm \tau _k) \overset{\tau _k\lt r}{=}\chi _{p_k}(\mathbf {x}, t) \).
Case \( \varphi =\lnot \varphi _1 \). Since \( |\theta ^{\pm }_{\lnot \varphi _1}(\mathbf {x},t)| =r, \) then due to Equation (6) it holds that \( |\theta ^{\pm }_{\varphi _1}(\mathbf {x},t)|=r \). By the induction hypothesis for \( \varphi _1 \), we get that \( \forall \tau _1,\ldots ,\tau _L\in [0, r) \), \( \chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=\chi _{\varphi _1}(\mathbf {x}, t) \). Therefore, due to Definition 2.1, it holds that \( \forall \tau _1,\ldots ,\tau _L\in [0, r) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) = -\chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) = -\chi _{\varphi _1}(\mathbf {x},t) = \chi _{\varphi }(\mathbf {x},t) \).
Case \( \varphi =\varphi _1 \wedge \varphi _2 \). We consider the two separate cases of \( \chi _{\varphi }(\mathbf {x},t)= 1 \) and \( \chi _{\varphi }(\mathbf {x},t)= -1 \) as follows:
1. Let \( \chi _{\varphi }(\mathbf {x},t)= 1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(3), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = r\gt 0 \). WLOG assume that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Therefore, \( |\theta ^{\pm }_\varphi (\mathbf {x},t)|= \theta ^{\pm }_\varphi (\mathbf {x},t)\overset{(7)}{=} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)= \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)=r \). If we denote \( \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)=j, \) then \( 0\lt r=\theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t)=j \). From \( r\le j \) and by the induction hypothesis for \( \varphi _k \) for \( k\in \lbrace 1,2\rbrace \) it holds that \( \forall \tau _1,\ldots ,\tau _L\in [0, r) \), \( \chi _{\varphi _k}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=\chi _{\varphi _k}(\mathbf {x}, t) \). Thus, using Definition 2.1, \( \forall \tau _1,\ldots ,\tau _L\in [0, r), \) it holds that \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) = \chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) \sqcap \chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)= \chi _{\varphi _1}(\mathbf {x},t) \sqcap \chi _{\varphi _2}(\mathbf {x},t)= \chi _\varphi (\mathbf {x},t) \).
2. Let \( \chi _{\varphi }(\mathbf {x},t)= -1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(4), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = -r\lt 0 \). WLOG assume that \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t) \le \theta ^{\pm }_{\varphi _2}(\mathbf {x},t) \). Therefore, \( -|\theta ^{\pm }_\varphi (\mathbf {x},t)|= \theta ^{\pm }_\varphi (\mathbf {x},t)\overset{(7)}{=} \theta ^{\pm }_{ \varphi _1}(\mathbf {x},t) \ \sqcap \ \theta ^{\pm }_{ \varphi _2}(\mathbf {x},t)= \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)=-r\lt 0 \). Since \( \theta ^{\pm }_{\varphi _1}(\mathbf {x},t)\lt 0, \) then \( \chi _{\varphi _1}(\mathbf {x},t)=-1 \). From the induction hypothesis for \( \varphi _1 \) we get that \( \forall \tau _1,\ldots ,\tau _L\in [0, r) \), \( \chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=\chi _{\varphi _1}(\mathbf {x},t)=-1 \). Thus, \( \forall \tau _1,\ldots ,\tau _L\in [0, r) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) = \chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) \sqcap \chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) = -1 \sqcap \chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t) = -1= \chi _\varphi (\mathbf {x},t) \).
Case \( \varphi =\varphi _1\mathcal {U}_I \varphi _2 \). The proof is analogous to Section A.9. We consider the two separate cases of \( \chi _{\varphi }(\mathbf {x},t)= 1 \) and \( \chi _{\varphi }(\mathbf {x},t)= -1 \) as follows:
1. Let \( \chi _{\varphi }(\mathbf {x},t)= 1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(3), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = r\gt 0 \). Next, same as in Section A.9, we distinguish between the cases of \( r\lt \infty \) and \( r=\infty \) as follows:
1.1. Let \( r\lt \infty \). Then Equation (37) holds. Note that since \( r\gt 0, \) then using Theorem 4.5, \( \chi _{\varphi _2}(\mathbf {x},t^{\prime })=\chi _{\varphi _1}(\mathbf {x},t^{\prime \prime })=1 \). By the induction hypothesis we get that \( \begin{equation*} \begin{aligned}\forall \epsilon \gt 0,\ &\exists t^{\prime }\in t+I\ (\forall \tau _1,\ldots ,\tau _L\in [0,r-\epsilon),\ \chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t^{\prime })=1\ \wedge \\ &\forall t^{\prime \prime } \in [t,t^{\prime }), \forall \tau _1,\ldots ,\tau _L\in [0,r-\epsilon),\ \chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t^{\prime \prime })=1). \end{aligned} \end{equation*} \) Thus, due to Lemma D.1(1)–(3), it holds that \( \forall \epsilon \gt 0 \), \( \forall \tau _1,\ldots ,\tau _L\in [0,r-\epsilon) \), \( \exists t^{\prime }\in t+I \), \( \begin{equation*} \chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t^{\prime })=1\ \wedge \ \forall t^{\prime \prime } \in [t,t^{\prime }),\ \chi _{\varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t^{\prime \prime })=1. \end{equation*} \) Therefore, by Definition 2.1, \( \forall \epsilon \gt 0,\ \forall \tau _1,\ldots ,\tau _L\in [0,r-\epsilon) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=1 \), and similarly to Footnote 9, we can conclude that \( \forall \tau _1,\ldots ,\tau _L\in [0,r) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=1=\chi _{\varphi }(\mathbf {x},t) \).
1.2. Let \( r=\infty \). Then Equation (38) holds. Using the definition of an infimum (unbounded set) together with an induction hypothesis, we can conclude that \( \forall M\in \mathbb {R} \), \( \forall \tau _1,\ldots ,\tau _L\in [0,M) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=1 \), and thus, \( \forall \tau _1,\ldots ,\tau _L\in [0,\infty) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=1 \).
2. Let \( \chi _{\varphi }(\mathbf {x},t)= -1 \). Since \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0, \) then due to Theorem 4.5(4), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t) = -r\lt 0 \). Next, same as in Section A.9, we distinguish between the cases of \( r=\infty \) and \( r\lt \infty \) as follows:
2.1. Let \( r=\infty \). Then Equation (39) holds. By the induction hypothesis and Lemma D.1(1), (2), (4), it holds that \( \forall M\in \mathbb {R}_+ \), \( \forall \tau _1,\ldots ,\tau _L\in [0,M) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=-1 \), i.e., \( \forall \tau _1,\ldots ,\tau _L\in [0,\infty) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=-1 \).
2.2. Let \( r\lt \infty \). Then Equation (40) holds. Take any \( t^{\prime }\in t+I \). Same as in Section A.9, we will work with each \( j_{t^{\prime }} \) separately. We will distinguish between the cases of \( j_{t^{\prime }}\lt \infty \) and \( j_{t^{\prime }}=\infty \) as follows:
Note that Equations (47) and (48) are equivalent; therefore, they hold regardless of each \( j_{t^{\prime }} \) value. Thus, it holds that \( \forall t^{\prime }\in t+I \), \( \forall \tau _1,\ldots ,\tau _L\in [0,\ r) \), \( \chi _{\varphi _2}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t^{\prime })\ \sqcap \sqcap _{t^{\prime \prime } \in [t,t^{\prime })} \chi _{ \varphi _1}(\mathbf {x}^{\leftrightarrows \bar{\tau }},t^{\prime \prime })=-1 \), which due to Lemma D.1(1) leads to \( \forall \tau _1,\ldots ,\tau _L\in [0,\ r) \), \( \chi _{\varphi }(\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=-1 \).
B.6 Proof of Equation (18) (Theorem 5.4 for Discrete-time)
Let \( \varphi \) be an STL formula built upon the predicate set \( AP:=\lbrace p_1,\ldots ,p_L\rbrace \), \( \mathbf {x}:\mathbb {Z}\rightarrow X \) be a discrete-time signal, and \( t\in \mathbb {Z} \) be a time point. For any value \( r\in \mathbb {Z}_{\ge 0} \), we want to prove that if the asynchronous temporal robustness \( |\theta ^{\pm }_\varphi (\mathbf {x},t)| = r, \) then \( \forall \tau _1,\ldots ,\tau _L\in [0, r] \), \( \chi _\varphi (\mathbf {x}^{\leftrightarrows \bar{\tau }},t)=\chi _\varphi (\mathbf {x}, t) \). Note that the result is trivial for \( r=0 \). Therefore, let \( |\theta ^{\pm }_\varphi (\mathbf {x}, t)|= r\gt 0 \). The rest of the proof is by induction on the structure of the formula \( \varphi \) and follows steps similar to those in Section B.5; therefore, we only present the base case.
Base case \( \varphi =p_k \). Since \( |\theta ^{\pm }_{p_k}(\mathbf {x}, t)|=r, \) then due to Equation (11), i.e., Theorem 4.7 for discrete-time, we get that \( \forall \tau \in [0, r],\ \chi _{p_k}(\mathbf {x}, t\pm \tau)=\chi _{p_k}(\mathbf {x},t) \). Using Definition 5.2, it leads to \( \forall \tau _1,\ldots ,\tau _L\in [0, r] \), \( \chi _{p_k}(\mathbf {x}^{\leftrightarrows \bar{\tau }}, t)\overset{\text{Def.}~{5.2}}{=} \chi _{p_k}(\mathbf {x}, t\pm \tau _k) \overset{\tau _k\le r}{=}\chi _{p_k}(\mathbf {x}, t) \).
B.7 Proof of Lemma 5.6
Let \( x_t:=(\zeta ^{(1)}_t,\ldots ,\zeta ^{(c)}_t), \) where c is the number of groups in which \( x_t \) is clustered. First, let every predicate \( p_k\in \lbrace p_1,\ldots ,p_L\rbrace \) in \( \varphi \) be defined over only a single \( \zeta ^{(d)} \) for some d, i.e., \( \exists d\in \lbrace 1,\ldots ,c\rbrace , \) and a real-valued function \( \nu _k \), such that \( p_k :=\nu _k(\zeta ^{(d)}_t)\ge 0 \). Second, let \( \mathbf {s} \) be defined as \( s_t:=(\zeta ^{(1)}_{t \pm \kappa _1}, \ldots , \zeta ^{(c)}_{t\pm \kappa _c}) \). Then we want to show that \( \mathbf {s}=\mathbf {x}^{\leftrightarrows \bar{\tau }} \).
Due to the above two assumptions, the predicate \( p_k \) over the state \( s_t \) is defined through the real-valued function \( \mu _k(s_t)= \nu _k(\zeta ^{(d)}_{t \pm \kappa _d}) = \mu _k(x_{t \pm \kappa _d}) \). Then by Definition 2.1, we get that \( \chi _{p_k}(\mathbf {s}, t)=\operatorname{sign}(\mu _k(s_t))= \operatorname{sign}(x_{t \pm \kappa _d})=\chi _{p_k}(\mathbf {x}, t\pm \kappa _d) \). Therefore, for \( \bar{\tau } = (\tau _1,\ldots ,\tau _L), \) where each \( \tau _k\in \lbrace \kappa _1,\ldots ,\kappa _c\rbrace \), we get that \( \mathbf {s}=\mathbf {x}^{\leftrightarrows \bar{\tau }} \).
C PROOFS OF SECTION 6
C.1 Proof of Proposition 6.1
(1) The proof is by construction, following Section 6.2.
(2) The Boolean encoding of STL constraints (Equation (22)) introduces \( O(H\cdot |AP|) \) binary and \( O(H\cdot |\varphi |) \) continuous variables according to [47]. The encoding of the synchronous temporal robustness then introduces integer counter variables \( c^{1,\varphi }_t \), \( c^{0,\varphi }_t \) and adjusted counters \( \tilde{c}^{1,\varphi }_t \), \( \tilde{c}^{0,\varphi }_t \). Since the algorithm introduces a constant number of counters per time step, it leads to \( O(H) \) additional integer variables, which does not increase the above-mentioned \( O(H\cdot |\varphi |) \) number of continuous variables. Note. There exists a purely binary version of the Boolean encoding of STL constraints (Equation (22)) that introduces \( O(H\cdot (|AP|+|\varphi |)) \) binary variables (no integers). Together with the introduced counters, it leads to \( O(H\cdot (|AP|+|\varphi |)) \) binary and \( O(H) \) continuous variables. Though such an encoding is possible and, depending on the problem, might lead to a faster implementation due to the heuristic solvers and the order of linear relaxations, the worst-case complexity of solving an MILP is exponential in the number of binary variables [59]; therefore, for the generic implementation, the former encoding that requires \( O(H\cdot |AP|) \) binary variables is beneficial.
C.2 Proof of Proposition 6.3
(1) The proof is by construction, following Section 6.3.
(2) Due to Corollary 4.9, \( \theta ^{\pm }_p(\mathbf {x},t)=\eta ^{\pm }_p(\mathbf {x},t) \) for any \( t\in \mathbb {T} \). Therefore, using Proposition 6.1, in order to encode each predicate, we introduce \( O(H) \) binary and continuous variables. Therefore, we introduce \( O(H\cdot |AP|) \) binary and continuous variables for the encoding of STL predicates. The second step of the encoding is the encoding of STL operators, where for each operator \( \psi \) within \( \varphi \) and every \( t\in \mathbb {T} \), we introduce continuous \( \theta ^+_\psi (\mathbf {x}, t) \) and a finite set of Boolean variables \( b_j \); see Section 6.3. Therefore, to encode all operators within \( \varphi , \) we require \( O(H\cdot |\varphi |) \) additional integer and Boolean variables. Thus, the MILP encoding of \( \mathbf {\theta }^+_{\varphi }(\mathbf {x}) \) requires \( O(H\cdot (|AP|+|\varphi |)) \) binary and integer variables.
D AUXILIARY LEMMAS
The following quantifier laws hold:
Let \( b\in \lbrace 0,1\rbrace \) be a Boolean variable and let x be an integer variable such that lower and upper bounds are known constants, \( x_l\le x\le x_{u} \). The expression \( y=b\cdot x \) can be equivalently expressed as a set of mixed-integer linear constraints as follows: \( \begin{equation*} \begin{aligned}x_lb\le \ &y\le x_{u} b \\ x - x_{u}(1-b) \le &y \le x- x_l(1-b). \end{aligned} \end{equation*} \)
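The linearization of \( y=b\cdot x \) stated above can be checked exhaustively; the following Python sketch is an added example, not code from the article, and its function names and sample bounds are assumptions chosen for illustration. It computes the range of \( y \) that the four inequalities allow, confirms that this range collapses to the single point \( b\cdot x \) for binary \( b \), and shows two ways the encoding stops being exact: an \( x \) outside the declared bounds makes the constraints infeasible, and a fractional \( b \) (as in an LP relaxation) leaves a whole interval of admissible \( y \).

```python
from itertools import product


def y_interval(b, x, x_l, x_u):
    """Range of y allowed by the four linear constraints of the lemma:

        x_l*b            <= y <= x_u*b
        x - x_u*(1 - b)  <= y <= x - x_l*(1 - b)

    Returns (lo, hi), or None when no y satisfies all four inequalities.
    """
    lo = max(x_l * b, x - x_u * (1 - b))
    hi = min(x_u * b, x - x_l * (1 - b))
    return (lo, hi) if lo <= hi else None


def encoding_is_exact(x_l, x_u):
    """True if, for every b in {0, 1} and every integer x in [x_l, x_u],
    the constraints pin y to exactly b*x."""
    for b, x in product((0, 1), range(x_l, x_u + 1)):
        if y_interval(b, x, x_l, x_u) != (b * x, b * x):
            return False
    return True


def feasible_outside_bounds(x_l, x_u, margin=3):
    """Pairs (b, x) with x outside [x_l, x_u] that still admit some y.

    An empty result means the constraints implicitly enforce the bounds:
    if the declared x_l, x_u are too tight, the MILP loses those x values
    instead of returning a wrong product.
    """
    outside = list(range(x_l - margin, x_l)) + list(range(x_u + 1, x_u + 1 + margin))
    return [(b, x) for b, x in product((0, 1), outside)
            if y_interval(b, x, x_l, x_u) is not None]


if __name__ == "__main__":
    # Constructed sample bounds, including a range that straddles zero.
    for x_l, x_u in [(0, 10), (-3, 4), (-7, -2)]:
        print((x_l, x_u), "exact:", encoding_is_exact(x_l, x_u),
              "feasible outside bounds:", feasible_outside_bounds(x_l, x_u))
    # Fractional b: the constraints no longer determine y uniquely.
    print("b=0.5, x=4, bounds [0, 10]:", y_interval(0.5, 4, 0, 10))
```
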
For any STL formula \( \varphi \), signal \( \mathbf {x}:\mathbb {T}\rightarrow X, \) and any time \( t\in \mathbb {T} \), \( \eta ^{\pm }_{\lnot \varphi }(\mathbf {x},t) = -\eta ^{\pm }_\varphi (\mathbf {x},t) \).
The proof is derived directly from Definitions 3.1 and 2.1 as follows: \( \begin{align*} \eta ^{\pm }_{\lnot \varphi }(\mathbf {x},t) &\overset{\text{Def.}{3.1}}{=} \chi _{\lnot \varphi }(\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _{\lnot \varphi }(\mathbf {x},t^{\prime })=\chi _{\lnot \varphi }(\mathbf {x},t)\rbrace ,\\ &\overset{\text{Def.}{2.1}}{=} -\chi _{\varphi }(\mathbf {x}, t)\cdot \sup \lbrace \tau \ge 0 \ :\ \forall t^{\prime }\in t\pm [0,\tau ],\ \chi _{\varphi }(\mathbf {x},t^{\prime })=\chi _{\varphi }(\mathbf {x},t)\rbrace ,\\ &\overset{\text{Def.}{3.1}}{=} -\eta ^{\pm }_\varphi (\mathbf {x},t). \end{align*} \) □
Footnotes
1 For convenience, we assume that the time domain \( \mathbb {T} \) is unbounded in both directions. This assumption is made without loss of generality and in order to avoid technicalities.
2 When \( \mathbb {T}=\mathbb {Z} \) we implicitly assume that the intervals \( [t,t+\tau ] \) and \( [t-\tau ,t] \) encode \( [t,t+\tau ]\cap \mathbb {Z} \) and \( [t-\tau ,t]\cap \mathbb {Z} \), which results in discrete intervals.
3 To see this, note that the characteristic function \( \chi _\varphi (\mathbf {s}, t) \) is built recursively from the characteristic function \( {\chi }_{p}(\mathbf {s},t) \) of each predicate \( p\in AP \) in \( \varphi \); see Definition 2.1. For the shifted signal \( \mathbf {s} \), each \( {\chi }_{p}(\mathbf {s},t) \) is simultaneously shifted to the left or right compared to \( \chi _\varphi (\mathbf {x}, t) \). Consequently, the shifted version \( \chi _\varphi (\mathbf {s}, t) \) can be understood as \( \chi _\varphi (\mathbf {x}, t\pm \tau) \) as \( \mathbf {s} \) shifts all predicates \( p\in AP \) that appear in \( \varphi \) synchronously by \( \tau \).
4 Equivalences \( \eta ^{\pm }_\varphi (\mathbf {x},t) \ge 0 \Longleftrightarrow \chi _\varphi (\mathbf {x},t)= 1 \) and \( \eta ^{\pm }_\varphi (\mathbf {x},t) \le 0 \Longleftrightarrow \chi _\varphi (\mathbf {x},t)= -1 \) do not hold.
5 Equivalence \( \theta ^{\pm }_\varphi (\mathbf {x},t) \le 0 \Longleftrightarrow \chi _\varphi (\mathbf {x},t)= -1 \) does not hold either; the same reasoning applies.
6 The signal \( \mathbf {s} \) is a synchronous \( \tau \)-early/late signal with \( \tau =\kappa \).
7 M is a large positive constant that is at least an upper bound on all pair-wise combinations of \( r_j \), \( M\ge |r_i-r_j| \). For more, see [10].
8 Note here that we limit the time domain by the horizon \( H=100 \). If the time domain were unbounded, then one can show that \( \eta ^{+}_{\varphi _2}(\mathbf {x},0)=-\infty \).
9 If \( \forall \epsilon \gt 0 \), \( \forall \tau \in [0,\ r-\epsilon) \), \( A(h), \) then \( \forall \tau \in [0,\ r) \), \( A(h) \). Assume the opposite; assume \( \exists \tau ^*\in [0,r) \) such that \( \lnot A(\tau ^*) \). Therefore, \( \exists \epsilon ^*\gt 0 \) such that we can write \( \tau ^*=r-\epsilon ^* \) and \( \lnot A(\tau ^*) \). Let \( \epsilon =\frac{\epsilon ^*}{2} \); then from the given it follows that \( \forall \tau \in [0,\ r-\frac{\epsilon ^*}{2}) \), \( A(\tau ^*) \). But \( \tau ^*=r-\epsilon ^* \in [0, r-\frac{\epsilon ^*}{2}) \); thus, \( A(\tau ^*), \) which is a contradiction with \( \lnot A(\tau ^*) \).
10 Assume the opposite; assume \( \exists \tau =\tau ^*\in [0,r) \), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t \pm \tau ^*) \lt r-\tau ^* \). Thus, if we set \( \epsilon ^* = \frac{r-\tau ^*-\theta ^{\pm }_{ \varphi }(\mathbf {x},t\pm \tau ^*)}{2}\gt 0 \) (in other words, \( \epsilon ^*+\theta ^{\pm }_{ \varphi }(\mathbf {x},t\pm \tau ^*) = r-\epsilon ^* -\tau ^* \)), then from what is given, it holds that \( \forall \tau \in [0, r-\epsilon ^*) \), \( \theta ^{\pm }_{ \varphi }(\mathbf {x},t\pm \tau) \gt r-\epsilon ^*-\tau \).
11 Assume the opposite; assume that \( \exists \tau ^*\in [0,\infty) \), \( \theta ^\pm _{\varphi }(\mathbf {x},t \pm \tau ^*)\lt \infty \). Since \( \theta ^{\pm }_ \varphi (\mathbf {x},t)=\infty \gt 0, \) then due to Theorems 4.5 and 4.7, we know that \( \theta ^\pm _{\varphi }(\mathbf {x},t \pm \tau ^*) \ge 0 \). Thus, \( \exists \tau ^*\in [0,\infty) \), \( \exists j \gt 0 \), \( \theta ^\pm _{\varphi }(\mathbf {x},t \pm \tau ^*) \lt j \). Let \( M=j+\tau ^*; \) then \( \exists \tau ^*\in [0,\infty) \), \( \exists M\gt \tau ^* \), \( \theta ^\pm _{\varphi }(\mathbf {x},t \pm \tau ^*) \lt M - \tau ^*, \) but we are given that \( \forall M\in \mathbb {R} \), \( \forall \tau \in [0,M) \), \( \theta ^\pm _{\varphi }(\mathbf {x},t \pm \tau) \gt M-\tau , \) which is a contradiction.
REFERENCES
- [1] 2013. Computing descent direction of MTL robustness for non-linear systems. In American Control Conference (ACC’13). 4411–4416.
- [2] 2014. Formal property verification in a conformance testing framework. In Proceedings of the Conference on Formal Methods and Models for Codesign. Lausanne, Switzerland, 155–164.
- [3] 2015. Time robustness in MTL and expressivity in hybrid system falsification. In International Conference on Computer Aided Verification. Springer, 356–374.
- [4] 1994. A theory of timed automata. Theoretical Computer Science 126, 2 (1994), 183–235.
- [5] 1996. The benefits of relaxing punctuality. Journal of the ACM 43, 1 (1996), 116–146.
- [6] 1998. Controller synthesis for timed automata. IFAC Proceedings Volumes 31, 18 (1998), 447–452.
- [7] 2013. On the robustness of temporal properties for stochastic models. In 2nd International Workshop on Hybrid Systems and Biology, Vol. 125. Open Access Publishing, 3–19.
- [8] 2015. System design of stochastic models using robustness of temporal properties. Theoretical Computer Science 587 (2015), 3–25.
- [9] 2004. A tutorial on Uppaal. Formal Methods for the Design of Real-time Systems 3185 (2004), 200–236.
- [10] 1999. Control of systems integrating logic, dynamics, and constraints. Automatica 35, 3 (1999), 407–427.
- [11] 2001. Discrete-time hybrid modeling and verification of the batch evaporator process benchmark. European Journal of Control 7, 4 (2001), 382–399.
- [12] 2021. Timed automata robustness analysis via model checking. arXiv preprint arXiv:2108.08018 (2021).
- [13] 2003. Timed automata: Semantics, algorithms and tools. In Advanced Course on Petri Nets. Springer, 87–124.
- [14] 2021. Barrier function-based model predictive control under signal temporal logic specifications. In European Control Conference, Accepted.
- [15] 2018. We are becoming a joke: German’s turn on Deutsche bahn. The Guardian 20 (2018).
- [16] 2000. On model predictive control for max-min-plus-scaling discrete event systems. Technical Report Bds 00-04: Control Systems Engineering, Faculty of Information Technology and Systems (2000).
- [17] 2015. Quantifying conformance using the Skorokhod metric. In Proceedings of the Conference on Computer Aided Verification. 234–250.
- [18] 2010. Robust satisfaction of temporal logic over real-valued signals. In Proceedings of the International Conference on Formal Modeling and Analysis of Timed Systems.
- [19] 2012. Static and dynamic analysis of timed distributed traces. In 2012 IEEE 33rd Real-Time Systems Symposium. IEEE, 173–182.
- [20] 2009. Robustness of temporal logic specifications for continuous-time signals. Theoretical Computer Science 410, 42 (2009), 4262–4291.
- [21] 2006. Schedulability analysis of fixed-priority systems using timed automata. Theoretical Computer Science 354, 2 (2006), 301–317.
- [22] 2020. Logical characterisation of hybrid conformance. In Proceedings of the International Colloquium on Automata, Languages, and Programming.
- [23] 2020. A smooth robustness measure of signal temporal logic for symbolic control. IEEE Control Systems Letters 5, 1 (2020), 241–246.
- [24] 2015. Multi-agent plan reconfiguration under local LTL specifications. International Journal of Robotics Research 34, 2 (2015), 218–235.
- [25] 1997. Robust timed automata. In International Workshop on Hybrid and Real-Time Systems. Springer, 331–345.
- [26] 2021. Gurobi Optimizer Reference Manual. http://www.gurobi.com.
- [27] 2019. Control from signal temporal logic specifications with smooth cumulative quantitative semantics. In 2019 IEEE 58th Conference on Decision and Control (CDC’19). IEEE, 4361–4366.
- [28] 2007. Introduction to the mathematics of language. University of Arizona.
- [29] 2021. Automata-based optimal planning with relaxed specifications. In 2021 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS’21). IEEE, 6525–6530.
- [30] 2018. Sampling-based optimal control synthesis for multirobot systems under global temporal tasks. IEEE Transactions on Automatic Control 64, 5 (2018), 1916–1931.
- [31] 2008. A fully automated framework for control of linear systems from temporal logic specifications. IEEE Transactions on Automatic Control 53, 1 (2008), 287–297.
- [32] 2009. Temporal-logic-based reactive mission and motion planning. IEEE Transactions on Robotics 25, 6 (2009), 1370–1381.
- [33] 2004. Real-time Systems Design and Analysis. Wiley, New York.
- [34] 2020. Optimization-based motion planning and runtime monitoring for robotic agent with space and time tolerances. In 21st IFAC World Congress. 1900–1905.
- [35] 2018. Control barrier functions for signal temporal logic tasks. IEEE Control Systems Letters 3, 1 (2018), 96–101.
- [36] 2020. Efficient automata-based planning and control under spatio-temporal logic specifications. In 2020 American Control Conference (ACC’20). IEEE, 4707–4714.
- [37] 2021. STL robustness risk over discrete-time stochastic processes. arXiv preprint arXiv:2104.01503 (2021).
- [38] 2022. Temporal robustness of stochastic signals. In 25th ACM International Conference on Hybrid Systems: Computation and Control. 1–11.
- [39] 2000. Real-time Systems Design and Analysis. Prentice Hall.
- [40] 2004. YALMIP: A toolbox for modeling and optimization in MATLAB. In 2004 IEEE International Conference on Robotics and Automation (IEEE Cat. No. 04CH37508). IEEE, 284–289.
- [41] 2004. Monitoring temporal properties of continuous signals. In Formal Techniques, Modelling and Analysis of Timed and Fault-Tolerant Systems. Springer, 152–166.
- [42] 1995. On the synthesis of discrete controllers for timed systems. In Annual Symposium on Theoretical Aspects of Computer Science. Springer, 229–242.
- [43] 2019. Average-based robustness for continuous-time signal temporal logic. In 2019 IEEE 58th Conference on Decision and Control (CDC’19). IEEE, 5312–5317.
- [44] 2017. Smooth operator: Control using the smooth robustness of temporal logic. In 2017 IEEE Conference on Control Technology and Applications (CCTA’17). IEEE, 1235–1240.
- [45] 2018. Fly-by-logic: Control of multi-drone fleets with temporal logic objectives. In 2018 ACM/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS’18). IEEE, 186–197.
- [46] 2020. Language-guided sampling-based planning using temporal relaxation. In Algorithmic Foundations of Robotics XII. Springer, 128–143.
- [47] 2014. Model predictive control with signal temporal logic specifications. In 53rd IEEE Conference on Decision and Control. IEEE, 81–87.
- [48] 2021. Time-robust control for STL specifications. In 2021 60th IEEE Conference on Decision and Control (CDC’21). 572–579.
- [49] 2017. Synchronous and asynchronous multi-agent coordination with cLTL+ constraints. In 2017 IEEE 56th Annual Conference on Decision and Control (CDC’17). IEEE, 335–342.
- [50] 2019. Multirobot coordination with counting temporal logics. IEEE Transactions on Robotics 36, 4 (2019), 1189–1206.
- [51] 2022. MITL verification under timing uncertainty. arXiv preprint arXiv:2204.10493 (2022).
- [52] 1989. A mathematical model for periodic scheduling problems. SIAM Journal on Discrete Mathematics 2, 4 (1989), 550–581.
- [53] 2004. Real time scheduling theory: A historical perspective. Real-time Systems 28, 2 (2004), 101–155.
- [54] 1981. Nonlinear regulation: The piecewise linear approach. IEEE Transactions on Automatic Control 26, 2 (1981), 346–358.
- [55] 2007. Event-triggered real-time scheduling of stabilizing control tasks. IEEE Transactions on Automatic Control 52, 9 (2007), 1680–1685.
- [56] 1998. Complementarity modeling of hybrid systems. IEEE Transactions on Automatic Control 43, 4 (1998), 483–490.
- [57] 2020. On robustness metrics for learning STL tasks. In 2020 American Control Conference (ACC’20). IEEE, 5394–5399.
- [58] 2017. Time window temporal logic. Theoretical Computer Science 691 (2017), 27–54.
- [59] 2014. Optimization-based trajectory generation with linear temporal logic specifications. In 2014 IEEE International Conference on Robotics and Automation (ICRA’14). IEEE, 5319–5325.