Arithmetic-Geometric Mean Robustness for Control from Signal Temporal Logic Specifications
Noushin Mehdipour, Cristian-Ioan Vasile, Calin Belta

TL;DR
This paper introduces an average-based robustness score for Signal Temporal Logic (STL) that emphasizes the frequency and robustness of specification satisfaction, improving control and monitoring of dynamical systems.
Contribution
It proposes a novel arithmetic-geometric mean robustness measure for STL and a framework for optimal control under STL constraints, enhancing satisfaction assessment.
Findings
The new robustness score better reflects satisfaction quality.
Framework effectively guides control synthesis.
Case studies demonstrate practical advantages.
Abstract
We present a new average-based robustness score for Signal Temporal Logic (STL) and a framework for optimal control of a dynamical system under STL constraints. By averaging the scores of different specifications or subformulae at different time points, our new definition highlights the frequency of satisfaction, as well as how robustly each specification is satisfied at each time point. We show that this definition provides a better score for how well a specification is satisfied. Its usefulness in monitoring and control synthesis problems is illustrated through case studies.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Arithmetic-Geometric Mean Robustness for
Control from Signal Temporal Logic Specifications
Noushin Mehdipour1*, Cristian-Ioan Vasile2* and Calin Belta1 *These authors contributed equally. This work was partially supported at Boston University by the National Science Foundation under grants IIS-1723995, CPS-1446151, and CMMI-14001671 Noushin Mehdipour ([email protected]), Calin Belta ([email protected]) are with the Division of Systems Engineering at Boston University, Boston, MA, USA. 2 Cristian-Ioan Vasile ([email protected]) is with the Laboratory for Information and Decision Systems (LIDS) at Massachusetts Institute of Technology, Cambridge, MA, USA.
Abstract
We present a new average-based robustness score for Signal Temporal Logic (STL) and a framework for optimal control of a dynamical system under STL constraints. By averaging the scores of different specifications or subformulae at different time points, our new definition highlights the frequency of satisfaction, as well as how robustly each specification is satisfied at each time point. We show that this definition provides a better score for how well a specification is satisfied. Its usefulness in monitoring and control synthesis problems is illustrated through case studies.
I INTRODUCTION
Formal methods have been recently used to express system behavior under complex temporal requirements, verify whether the system execution meets the desired requirements, or control the system to satisfy desirable specifications [1]. Temporal Logics including Linear Temporal Logics (LTL) [2], Metric Temporal Logic (MTL) [3], Signal Temporal Logic (STL) [4] and Time Window Temporal Logic (TWTL) [5] allow precise description of system properties over time. STL is equipped with qualitative and quantitative semantics, meaning that it not only can assess whether the system execution meets the desired requirements but also provides a measure of how well requirements are met, also known as robustness. As a result, STL has been widely used for many control purposes including path planning and motion planning [6], [7] or synthesis problems [8]. Higher robustness score shows a stronger satisfaction of the desired specifications. Therefore, it is desirable to maximize the robustness score in order to improve system behavior to satisfy desired temporal specifications.
The traditional robustness score introduced in [9] is non-convex and non-differentiable; therefore, it is not possible to use powerful optimization techniques to maximize it. Previous works for control under STL constraints focused on using heuristic algorithms or encoding constraints as Mixed Integer Linear Programming (MILP). Heuristic optimization approaches such as Particle Swarm Optimization, Simulated Annealing and Rapidly Exploring Random Trees (RRTs) were used for synthesis, falsification and control problems [10], [11], [12]. Heuristic approaches do not require a smooth objective function; however, these algorithms do not always provide a guarantee to find the optima and have many user-defined parameters that need to be set in advance.
Encoding temporal logic specifications as linear and boolean constraints was studied in [13], [14] and MILP optimization solvers such as Gurobi were used to solve the control synthesis problem. The most critical issue with MILPs is that they do not scale well as the number of variables increases, resulting in a NP-complete problem. For instance, to encode the temporal operator as MILP constraints, we need to add integer (binary) variables for each time point in the specified interval. Therefore, this approach could fail when solving problems with many variables or complex temporal constraints. Moreover, MILP implementations require all constraints (including the system dynamics in the control problem) to be linear. As a result, nonlinear dynamics must be linearized, if linearizable, which involves approximation.
Recently, there have been efforts to smooth the robustness function (score) in order to use gradient-based optimization algorithms. In [15], [16], the authors used smooth approximations of maximum and minimum functions to define a smooth robustness score in order to solve a control problem. Even though these works solved the non-differentiability issue, the resulting smooth approximation had errors compared to the traditional robustness. Therefore, positive robustness did not necessarily mean satisfaction of the specification unless it was greater than a pre-defined threshold.
The main drawback of these works is that traditional robustness is defined by the most critical point (most satisfaction or most violation). In [17], authors defined average STL robustness for continuous-time signals and defined positive and negative robustness to solve a falsification problem. Authors in [18] described MTL as linear time-invariant filters and used the average robustness for monitoring purposes. [19] improved robustness for discrete signals by defining Discrete Average Space Robustness, and removed its nonsmoothness by approximating to a simplified version. These works refined robustness score only for temporal operators while using traditional maximum and minimum functions for other operators.
Our main contribution of this paper is proposing a new average-based robustness score, which we call Arithmetic-Geometric Mean (AGM) robustness. This new quantitative semantics uses arithmetic and geometric means to take into account the robustness degrees for all the subformulae and at every time point in the horizon, and not just the most satisfying or violating ones. As a result, our robustness definition rewards policies that satisfy the requirements at more time steps and with higher scores. We show that this novel robustness definition provides a better margin in which the specification is still satisfied when external disturbances or system perturbations exist. Moreover, our normalized signed robustness degree provides a meaningful comparison when specifications involve requirements over signals with different scales. The advantages of our new definition in both monitoring and control problems are illustrated through case studies through the paper. We compare our results with those obtained using MILPs and smooth approximation methods.
II PRELIMINARIES
Let be a real function. We define and , where .
II-A Signal Temporal Logics (STL)
STL was introduced in [4] to monitor temporal properties of real-valued signals. Consider a discrete time sequence . A signal is a function that maps each time point to an -dimensional vector of real values , with being its th component. Assume is the set of all starting from up to , with . STL Syntax is defined as:
[TABLE]
where is the logical True, is a predicate, , are the Boolean negation and conjunction operators, respectively, and is the temporal until operator. Logical False is . Other Boolean and temporal operators are defined as , , . In this paper, we focus on and operators, rather than . The temporal operator Finally or eventually () states that “at some time point in the specification must be True”; while globally or always () states that “ must be True at all times in ”. The until operator () states that “ must become True at some time point within and must be always True prior to that”. A specification written in STL consists of predicates , where is a real, possibly nonlinear, function defined over values of elements of (for instance, or ) connected by Boolean and temporal operators.
The STL qualitative semantics shows whether a signal satisfies a given specification at time , i.e., or not, i.e., , and its quantitative semantics, also known as robustness, measures how much the signal is satisfying or violating the specification.
Definition 1** (STL Robustness)**
Given a specification and a signal , the robustness score at time is recursively computed as [9]:
[TABLE]
where is the maximum robustness.
Theorem 1
The robustness score is sound, meaning that implies that signal satisfies at time , and implies that violates at time .
We denote the robustness score of specification at time [math] with respect to the signal by . We refer to this definition as traditional robustness score.
II-B / Approximation
The and functions in the robustness definition in (2) result in a non-differentiable robustness score. This non-differentiability can be removed by replacing and functions with the following smooth approximations:
[TABLE]
For different values of different robustness scores are found, resulting in an error. It is shown in [16] that the approximation error approaches [math] as goes to . We refer to this definition as approximation robustness score .
III PROBLEM STATEMENT
Consider a discrete-time dynamical system given by:
[TABLE]
where is the state of the system and is the control input at the th time step ; is the initial state and is a function representing the dynamics of the system. Given the initial state and control sequence , system trajectory is generated using (4); which we denote by . Consider a cost function representing the cost of applying the control input . Assume system temporal requirements are given by a STL formula with a time horizon , which is the largest time step for which signal values are needed in order to compute the robustness for the current time point. The control synthesis problem can be formulated as determining a control policy such that the system trajectory satisfies the STL specification while optimizing the cost:
[TABLE]
As stated in the Sec. I, previous works used heuristic algorithms, MILP encoding, and gradient ascent to solve (5) and found control policies to generate trajectories that satisfy STL constraints with the traditional and smooth robustness definition. The main shortcoming of the traditional robustness score is that it only considers the robustness of the most satisfying or violating part of the specification without taking into account satisfaction of the other parts. We address this limitation by defining a new version of robustness.
IV ARITHMETIC-GEOMETRIC MEAN (AGM) ROBUSTNESS
We define a novel robustness score based on arithmetic and geometric means instead of the and functions in the traditional definition. We show that our normalized signed robustness score provides a better understanding of system properties, where corresponds to satisfaction of the specification, shows violation, and indicates inconclusiveness. Moreover, is a measure of how well the specification is satisfied or violated.
Consider a discrete time series . Signal is a function that maps each time point to an -dimensional vector of real values , with being its th element. Throughout the definitions and proofs, we assume that we have bounded signals, and all their components are normalized to the interval .
Definition 2** (AGM Robustness)**
Let and where . The normalized signed AGM robustness with respect to the signal at time is defined as:
[TABLE]
For combination of other boolean and temporal operators in a time interval , AGM robustness is recursively defined using (7) and (8); with and being the number of time points in .
Same as before, when the time of satisfaction is not mentioned, satisfaction at time [math] is considered, i.e., . We first find robustness for each individual subformula using (6). Algorithm 1, Algorithm 2, Algorithm 3 and Algorithm 4 then determine satisfaction or violation of the specification with respect to the signal as well as the normalized signed AGM robustness score.
Remark 1
The command used in the AGM robustness algorithms is employed to check satisfaction or violation of the specification and determine the resulting robustness score, for which the worst case complexity is .
Theorem 2** (Soundness)**
The AGM robustness score is sound, meaning that a satisfying trajectory has a strictly positive robustness:
[TABLE]
Proof:
We prove the property by structural induction over the formula . The base case corresponding to is trivially true by definition from (6).
Let S be a signal. We have the following induction cases:
Negation: Let and . We have , and by the induction hypothesis . Thus, . Similarly, for we get .
Conjunction: Let and . Assume that one or both , , then from (8) we get which contradicts the assumption. It follows that , . By the induction hypothesis , , and thus . For the case , assume , . From (7) it follows that which is a contradiction. Thus, we have either or or both. Again by the induction hypothesis or , and thus .
Disjunction: Follows similarly to conjunction case.
Globally: Let , and . Assume that there is such that , then from (8) we get which contradicts . It follows that , . By the induction hypothesis , , and thus . For the case , assume that for all , . From (7) we have which is a contradiction. Thus, we have for some . Again by the induction hypothesis , and thus .
Eventually: Follows similarly to the globally case. ∎
Proposition 1
Let be a signal and a STL formula. If , then for all subformulae of and appropriate times as given by (7), (8). Similarly, if , then and if , then for all subformulae of and appropriate times in (7), (8).
Proof:
The proof is similar to Theorem 2. ∎
IV-A Logic properties
Let be a conjunction function defined such that for all STL formulae and signal . Explicitly,
[TABLE]
Proposition 2
The conjunction function satisfies:
[TABLE]
Similarly, we define the disjunction function which also satisfies the same properties in Proposition 2.
Remark 2
A weaker form of absorption with respect to maximum true and minimum false hold for conjunction and disjunction for all , respectively.
Let be the negation function defined such that for all STL formula and signal . Explicitly, .
Lastly, we define the implication function as .
Theorem 3** (Rules of Inference)**
The following hold:
Law of non-contradiction:* , ;* 2. 2.
Law of excluded middle:* , ;* 3. 3.
DeMorgan’s law:* , ;* 4. 4.
Double negation:* , ;* 5. 5.
Modus ponens:* if and then .*
Proof:
All properties follow directly from the definitions. ∎
Remark 3
Although is not a distributive lattice, i.e., Boolean algebra, it does satisfy the Kleene algebra condition: , .
IV-B Performance Properties
Property 1** (Smoothness and Gradient)**
The AGM robustness is smooth in almost everywhere except on the satisfaction boundaries , where is a subformula of , and appropriate times as given in (7) and (8). Moreover, the gradient of with respect to the elements of that are part of ’s predicates is non-zero wherever it is smooth.
Proof:
The property follows by structural induction over the formula , and the smoothness and non-zero gradient of the conjunction and disjunction functions on \big{(}(-1,1)\setminus\{0\}\big{)}^{2}, and negation on . The cases for the globally and eventually operators follow similarly. ∎
Property 2** (Arithmetic and Geometric Means)**
By employing arithmetic and geometric means for defining the AGM robustness, we can measure how well a specification is satisfied, taking in to account robustness for all the subformulae of or at all appropriate times and not just the most critical one with maximum/minimum satisfaction. Comparison between traditional and AGM robustness scores demonstrates the advantage of our average-based definition. For instance, consider a signal and three subformulae with and . While traditional robustness uses function and returns ; AGM definition returns , which is positive showing that the specification is satisfied, but the robustness is less than (highest satisfaction), which is attainable only when both subformulae are maximally satisfied, i.e., . We now assume and . While traditional robustness uses function and returns ; AGM definition returns , which is positive showing the specification is satisfied, but the robustness is less than , which shows a stronger satisfaction. Now consider three signals illustrated in Fig. 1. We first examine traditional and AGM robustness score for . Using function in the traditional definition, for in Fig. 1 (Left). However, AGM robustness takes a time average over the formula horizon considering all the times the predicate is satisfied; therefore, it returns higher robustness for and lower robustness and for ,, respectively. Basically, AGM robustness for can be interpreted as “eventually satisfy with the maximum possible satisfaction as early as possible and for as long as possible”. For signals in Fig. 1 (Right) and , traditional robustness with function returns for , while giving same robustness for . On the other hand, AGM definition calculates for , and lower robustness scores for and for . Thus, the AGM definition for can be interpreted as “always satisfy with the maximum possible satisfaction for all the time points in ”.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] C. Belta, B. Yordanov, and E. A. Gol, Formal methods for discrete-time dynamical systems . Springer, 2017, vol. 89.
- 2[2] A. Pnueli, “The temporal logic of programs,” in 18th Annual Symposium on Foundations of Computer Science , Oct 1977, pp. 46–57.
- 3[3] R. Koymans, “Specifying real-time properties with metric temporal logic,” Real-time systems , vol. 2, no. 4, pp. 255–299, 1990.
- 4[4] O. Maler and D. Nickovic, “Monitoring temporal properties of continuous signals,” in Formal Techniques, Modelling and Analysis of Timed and Fault-Tolerant Systems . Springer, 2004, pp. 152–166.
- 5[5] C.-I. Vasile, D. Aksaray, and C. Belta, “Time window temporal logic,” Theoretical Computer Science , vol. 691, pp. 27–54, 2017.
- 6[6] C. I. Vasile, V. Raman, and S. Karaman, “Sampling-based Synthesis of Maximally-Satisfying Controllers for Temporal Logic Specifications,” in IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS) , Vancouver, BC, Canada, 2017, pp. 3840–3847.
- 7[7] Y. Shoukry, P. Nuzzo, A. Balkan, I. Saha, A. L. Sangiovanni-Vincentelli, S. A. Seshia, G. J. Pappas, and P. Tabuada, “Linear temporal logic motion planning for teams of underactuated robots using satisfiability modulo convex programming,” in Annual Conference on Decision and Control (CDC) . IEEE, 2017, pp. 1132–1137.
- 8[8] V. Raman, A. Donzé, D. Sadigh, R. M. Murray, and S. A. Seshia, “Reactive synthesis from signal temporal logic specifications,” in Proceedings of the 18th International Conference on Hybrid Systems: Computation and Control . ACM, 2015, pp. 239–248.
