Sage Journals: Discover world-class research

Abstract

Signal temporal logic (STL) formulas have been widely used as a formal language to express complex robotic specifications, thanks to their rich expressiveness and explicit time semantics. Existing approaches for STL control synthesis suffer from limited scalability with respect to the task complexity and lack of robustness against the uncertainty, for example, external disturbances. In this paper, we study the online control synthesis problem for uncertain discrete-time systems subject to STL specifications. Different from existing techniques, we propose an approach based on STL, reachability analysis, and temporal logic trees. First, based on a real-time version of STL semantics, we develop the notion of tube-based temporal logic tree (tTLT) and its recursive (offline) construction algorithm. We show that the tTLT is an under-approximation of the STL formula, in the sense that a trajectory satisfying a tTLT also satisfies the corresponding STL formula. Then, an online control synthesis algorithm is designed using the constructed tTLT. It is shown that when the STL formula is robustly satisfiable and the initial state of the system belongs to the initial root node of the tTLT, it is guaranteed that the trajectory generated by the control synthesis algorithm satisfies the STL formula. We validate the effectiveness of the proposed approach by several simulation examples and further demonstrate its practical usability on a hardware experiment. These results show that our approach is able to handle complex STL formulas with long horizons and ensure the robustness against the disturbances, which is beyond the scope of the state-of-the-art STL control synthesis approaches.

Keywords

Signal temporal logic uncertain systems online control synthesis tube-based temporal logic tree and reachability analysis

1. Introduction

1.1. Motivation

The rapid growth of robotic applications, such as autonomous vehicles and service robots, has stimulated the need for new control synthesis approaches to safely accomplish more complex objectives such as nondeterministic, periodic, or sequential tasks (Kress-Gazit et al., 2018). Temporal logics, such as linear temporal logic (LTL) (Baier and Katoen, 2008), metric interval temporal logic (MITL) (Koymans, 1990), and signal temporal logic (STL) (Maler and Nickovic, 2004), have shown capability in expressing such objectives for dynamical systems. However, traditional control methods (e.g., linear quadratic regulator, model predictive control, and adaptive control) are originally developed for simple control objectives such as stability and set invariance (Baillieul and Samad, 2021), and these methods are restrictive to handle complex temporal logic tasks. Thus, advanced control methods must be developed to fill this gap.

As a more recently developed temporal logic, STL allows the specification of properties over dense-time. This makes it suitable for expressing complex specifications that may involve specific timing requirements or deadlines. Such specifications include time-constrained reachability (e.g., $F_{[0,60]} G_{[0,20]} A$ : visit region A within 60 s and stay there for another 20 s) and time-constrained surveillance (e.g., $G F_{[10,50]} A \land G F_{[10,50]} B$ : visit regions A and B every 10–50 s). STL was originally evaluated over continuous-time signals in Maler and Nickovic (2004), and then extended to discrete-time signals in Raman et al. (2015). STL contains predicates as the atomic elements and the truth value of each predicate is evaluated through a predicate function. Due to a number of advantages, such as explicitly treating real-valued signals (Maler and Nickovic, 2004), and admitting robustness semantics (Fainekos and Pappas, 2009), control synthesis under STL specifications has gained popularity and many efforts have been devoted for STL control synthesis in the last few years. Nevertheless, existing approaches usually suffer from limited scalability with respect to the task complexity and lack of robustness to the uncertainties from the robotic systems.

The complexity of STL formulas (e.g., the time horizon or nestedness) is in general crucial in deciding the complexity of control synthesis approaches, for example, optimization-based methods. For example, the number of integer variables in mixed-integer program based approaches grows exponentially with respect to the time horizon. Other popular approaches, for example, barrier function-based methods, only handle a fragment of STL formulas with non-nested temporal operators. On the other hand, robotic systems are usually corrupted by external disturbances and accompanied by modeling errors. These uncertainties make it challenging to reason about STL specifications due to the encoded time semantics. To the best of our knowledge, few control approaches can efficiently handle system uncertainties with robustness guarantees for STL specifications.

1.2. Related work

1.2.1. LTL or MITL control synthesis

LTL focuses on the Boolean satisfaction of properties by given signals while MITL is a continuous-time extension that allows to express temporal constraints. Existing control approaches that use LTL or MITL mainly rely on a finite abstraction of the system dynamics and a language equivalent automata (Gastin and Oddoux, 2001) or timed-automata (Alur et al., 1996) representation of the LTL or MITL specification. The controller is synthesized by solving a game over the product automata (Belta et al., 2007, 2017; Zhou et al., 2016). Other control approaches include optimization-based (Wolff and Murray, 2016; Fu and Topcu, 2015) and sampling-based methods (Vasile and Belta, 2013; Kantaros and Zavlanos, 2019).

One of the most relevant works is Gao et al. (2022). In this paper, the notion of temporal logic tree (TLT) is proposed for LTL specifications and the corresponding TLT-based control synthesis algorithm is developed. Despite some relevance, it is far from straightforward to extend these results to general STL formulas. Some significant differences between our paper and Gao et al. (2022) are highlighted as follows. First, the definitions and semantics of TLT and tTLT are largely different. In particular, the time constraints encoded in STL formulas require a new notion of real-time STL semantics for connecting tTLT and STL. Second, the control synthesis algorithms in this paper are largely different from that in Gao et al. (2022). In order to carefully monitor the time constraint satisfaction in the STL formulas, the online synthesis algorithm needs in an appropriate way to track the set node (Algorithm 7), update the tTLT (Algorithm 8), and update the post set (Algorithm 11).

1.2.2. STL control synthesis

Given the extensive literature studying STL, we restrict our attention to the following STL synthesis approaches.

1.2.2.1. Optimization-based methods

Optimization methods leverage on the fact that STL formulas can be encoded as mixed-integer constraints. Based on this, STL control synthesis can be obtained by solving a series of optimization problems (Raman et al., 2014, 2015). To avoid the complexity of integer-based optimization, smooth approximations have been proposed by using sequential quadratic programming (SQP) (Gilpin et al., 2021) or convex-concave programming (Takayama et al., 2023). Recent work studies how to reduce the integer variables using the property of logic operators (Kurtz and Lin, 2022). However, these results are restricted to deterministic systems.

An extension of the mixed-integer formulation is investigated for linear systems with additive bounded disturbances in Sadraddini and Belta (2015), where the model predictive controller is obtained by solving the optimization problem at each time step in a receding horizon fashion. In Farahani et al. (2019), a model predictive controller in the form of shrinking horizon is developed for linear systems with stochastic disturbances under STL constraints. One drawback of these approaches is the exponential computational complexity which makes it difficult to be applied to STL formulas with long time horizons. In addition, a stochastic gradient decent-based method is developed to optimize the probability that the stochastic system satisfies an STL specification (Scher et al., 2022).

1.2.2.2. Barrier function methods

Barrier function methods are mainly used for continuous-time systems. The idea is to transfer the STL formula into one or several (time-varying) control barrier functions, and then obtain feedback control laws by solving quadratic programs (Lindemann and Dimarogonas, 2019a). This method is computationally efficient. However, as the existence and design of barrier functions are still open problems, it currently mainly applies to deterministic affine systems. In Yang et al. (2020), the authors consider linear cyber-physical systems with continuous-time dynamics and discrete-time controllers. The proposed offline trajectory planner is based on a mixed integer quadratic program that utilizes control barrier functions to generate satisfying trajectories in continuous-time. Other control synthesis approaches include sampling-based (Vasile et al., 2017a; Karlsson et al., 2020) and learning-based methods (Venkataraman et al., 2020; Kapoor et al., 2020). In addition, control synthesis for multi-agent systems and STL specifications is recently considered in Lindemann and Dimarogonas (2019b); Buyukkocak et al. (2021); Sun et al. (2022).

1.2.2.3. Reachability-based methods

Reachability is a fundamental notion in systems and control and reachability analysis has been widely used for simple control objectives, for example, stability and safety (Bertsekas, 1972). In Roehm et al. (2016), a reachability-based method is proposed for STL model checking by converting an STL formula to reachset temporal logic. This method is refined in (Kochdumper and Bak, 2023) for linear deterministic systems by adequately tuning parameters to enforce over-approximation error to zero. Chen et al. (2018b) recognizes the connection between temporal logic operators and reachability, and then exploits Hamilton-Jacobi reachability for STL control synthesis, which has served as an inspiration to our work. Although there exists close relevance between Chen et al. (2018b) and our paper, some remarkable differences should be highlighted.

First, we find that the connection between temporal logic operators and reachability in Chen et al. (2018b) may not hold for nested STL formulas. We improve and extend this point by introducing the new real-time STL semantics, which is beyond Chen et al. (2018b) and motivates the proposal of the tTLTs. Second, while the control design in Chen et al. (2018b) is restricted to non-nested STL formulas, we propose a systemic way to online synthesize the robust controller for more general STL formulas. In our paper, thanks to the semantic relation between the STL formulas and their corresponding tTLTs, we are able to perform control synthesis over the tTLT, instead of the STL formulas, with a correct-by-construction guarantee.

1.2.2.4. Sampling-based/data-driven/learning-based methods

Motivated by the success of sampling-based methods in motion planning, some recent works consider the extension to the STL planing. In Vasile et al. (2017b), an RRT* approach is developed to incrementally construct a tree such that an STL specification is maximally satisfied. Barbosa et al. (2019) uses a cost function to guide exploration for satisfying a restricted fragment of STL formulas. More recent work Ho et al. (2022) integrates automaton theory and sampling-based methods for STL control synthesis of nonlinear deterministic system. When the system model is unknown, a direct data-driven STL synthesis method is studied using behavioral characterization of linear models (Van Huijgevoort et al., 2023).

In addition, learning-based methods have been becoming popular for STL verification and synthesis. For example, neural network-based methods are investigated in Liu et al. (2022); Leung and Pavone (2022); Hashimoto et al. (2022). By generating rewards in proper ways from STL specifications, reinforcement learning-based approaches have been proposed in Venkataraman et al. (2020); Kapoor et al. (2020); Singh and Saha (2023); Hamilton et al. (2022).

1.2.3. Other related work

Beyond the above literature review, the properties of STL formulas have been studied in different contexts or for different purposes. In Leung et al. (2023), a mechanism is proposed to infuse the logical structure of STL specifications into gradient-based methods by translating STL robustness formulas into computation graphs. In Lindemann et al. (2021a), the STL formulas are interpreted over discrete-time stochastic processes using the the induced risk. Based on this, risk-aware STL control is studied in Lindemann et al. (2022).

1.3. Contributions

In this paper, we aim at developing an efficient, robust, and sound control synthesis algorithm for uncertain robotic systems under STL specifications. Different from existing STL synthesis techniques, we propose an approach based on STL, reachability analysis, and temporal logic trees. The new framework is shown in Figure 1. It consists of two phases. In the offline phase, we propose to transform an STL formula into a tube-based temporal logic tree (tTLT) by performing reachability analysis on the dynamic system under consideration. As a fundamental notion in systems and control, reachability captures the evolution of dynamic systems under inputs (e.g., control inputs and uncertainties). In the online phase, the constructed tTLT is further used to guide the control synthesis. The contributions of our paper are as follows: (i) We propose a real-time version of STL semantics and establish a correspondence between STL formulas and tTLTs via reachability analysis. (ii) We develop an algorithm that can automatically and recursively construct the tTLT from the corresponding STL formula. We show that the tTLT is an under-approximation for a broad fragment of STL formulas, i.e., all the trajectories that satisfy the tTLT also satisfy the corresponding STL formula. (iii) We develop an online control synthesis algorithm based on the constructed tTLT. We show that the algorithm is robust and sound. (iv) We validate the effectiveness of the proposed approach by several simulation examples and further demonstrate its practical usability on a hardware experiment.

Figure 1.

The tTLT-based STL control synthesis framework.

It is worth mentioning that reachability analysis is the core to ensure the robustness of the proposed algorithm, since the uncertainties in the system can be explicitly addressed when performing reachability analysis. Over the past decades, there have been remarkable progresses in the computation of reachable sets for different systems. New software tools on reachability analysis facilitate the usability of the approach proposed in our paper.

We further remark that the robustness here refers to the control ability against system uncertainties. That is, we are interested in synthesizing a controller under which the signals satisfy an STL specification despite the underlying uncertainties. This is different from the notion of quantitative robustness which measures how much a signal satisfies or violates an STL specification.

1.4. Organization and notations

The remainder of the paper is organized as follows. In Section 2, preliminaries and the problem under consideration are formulated. In Section 3, definitions of real-time STL semantics and tTLTs are introduced. Section 4 establishes a semantic connection between STL and tTLT. Section 5 deals with the online control synthesis problem. The results are validated by simulations and experiments in Sections 6 and 7. Conclusions are given in Section 8. The notations used in this work are defined in Table 1.

Table 1.

Notations.

$R$	Set of real numbers
$R_{\geq 0}$	Set of nonnegative real numbers
$N$	Set of natural numbers
$R^{n}$	Euclidean space of dimension n
$R^{n \times m}$	Space of n-by-m real matrices
‖x‖	Euclidean norm of vector x
x ^T	Transpose of real vector x
∅	Empty set
$\bar{S}$	Complement of a set S
2^S	Set of all subsets of S
\|S\|	Cardinality of a set S
∪	Set union
∩	Set intersection
¬	Negation operator
∧	Logical operator AND
∨	Logical operator OR
⊂ (⊆)	Subset (subset or equivalent to)
⊃ (⊇)	Super-set (super-set or equivalent to)
[a, b]	Closed interval with end points a and b
S₁ \ S₂	Set difference of two sets S₁ and S₂

2. Preliminaries and problem Formulation

2.1. Systems dynamics

Consider an uncertain discrete-time control system of the form

x_{k + 1} = f (x_{k}, u_{k}, w_{k}),

(1)

where

x_{k} : = x (t_{k}) \in R^{n}, u_{k} : = u (t_{k}) \in U, w_{k} : = w (t_{k}) \in W, k \in N

are the state, control input, and disturbance at time t_k, respectively. The time sequence {t_k} can be seen as a sequence of sampling instants, which satisfy 0 = t₀ < t₁ < ⋯. The control input is constrained to a compact set

U \subset R^{m}

and the disturbance is constrained to a compact set

W \subset R^{l}

. In the following, let us define the control policy.

Definition 2.1

A control policy ν = ν₀ν₁…ν_k… is a sequence of maps $ν_{k} : R^{n} \to U$ , $\forall k \in N$ . Denote by $U_{\geq k}$ the set of all control policies that start from time t_k.

One can see from Definition 2.1 that a control policy ν is a sequence of time-dependent functions ν_k, each of which is a map from $R^{n}$ (i.e., the state space) to the control set U. Given the control policy ν, one can select control input u_k = ν_k (x_k) for implementation at time instant t_k.

Definition 2.2

A disturbance signal w = w₀w₁…w_k… is called admissible if $w_{k} \in W, \forall k \in N$ . Denote by $W_{\geq k}$ the set of all admissible disturbance signals that start from time t_k.

The solution of equation (1) is defined as a discrete-time signal x ≔x₀x₁…. We call x a trajectory of equation (1) if there exists a control policy $ν \in U_{\geq 0}$ and a disturbance signal $w \in W_{\geq 0}$ satisfying (1), i.e.,

x_{k + 1} = f (x_{k}, ν_{k} (x_{k}), w_{k}), \forall k \in N

We use $x_{x_{0}}^{ν, w} (t_{k})$ to denote the trajectory point reached at time t_k under the control policy ν and the disturbance w from initial state x₀.

The deterministic system is defined by

x_{k + 1} = f_{d} (x_{k}, u_{k})

(2)

and

x_{x_{0}}^{ν} (t_{k})

denotes the solution at time t_k of the deterministic system when the control policy is ν and the initial state is x₀.

2.2. Signal temporal logic

We use STL to concisely specify the desired system behavior. STL (Maler and Nickovic, 2004) is a predicate logic consisting of predicates μ, which are defined through a predicate function $g_{μ} : R^{n} \to R$ as

μ : = {\begin{cases} ⊤, & if g_{μ} (x) \geq 0, \\ ⊥, & if g_{μ} (x) < 0 . \end{cases}

The syntax of STL is given by

φ : : = ⊤ ∣ μ ∣ \neg φ ∣ φ_{1} \land φ_{2} ∣ φ_{1} U_{I} φ_{2}

(3)

where φ, φ₁, φ₂ are STL formulas and I is a closed interval of

R

of the form [a, b] with

a, b \in R_{\geq 0}

and a ≤ b.

The validity of an STL formula φ is originally defined with respect to a continuous-time signal (Maler and Nickovic, 2004). Later in Raman et al. (2015), the STL semantics with respect to a discrete-time signal has also been proposed. In this work, we study discrete-time control systems. Therefore, we adopt the STL semantics defined in (Raman et al., 2015).

The validity of an STL formula φ with respect to a discrete-time signal x at time t_k, is defined inductively as follows (Raman et al., 2015):

\begin{array}{l} (x, t_{k}) ⊨ μ \Leftrightarrow g_{μ} (x (t_{k})) \geq 0, \\ (x, t_{k}) ⊨ \neg φ \Leftrightarrow \neg ((x, t_{k}) ⊨ φ), \\ (x, t_{k}) ⊨ φ_{1} \land φ_{2} \Leftrightarrow (x, t_{k}) ⊨ φ_{1} \land (x, t_{k}) ⊨ φ_{2}, \\ (x, t_{k}) ⊨ φ_{1} U_{[a, b]} φ_{2} \Leftrightarrow \exists t_{k^{'}} \in [t_{k} + a, t_{k} + b] s . t . \\ (x, t_{k^{'}}) ⊨ φ_{2} \land \forall t_{k^{″}} \in [t_{k}, t_{k^{'}}], \\ (x, t_{k^{″}}) ⊨ φ_{1} \end{array}

The signal x = x₀x₁… satisfies φ, denoted by x ⊨ φ if ( x , t₀) ⊨ φ. By using the “negation” operator ¬ and the “conjunction” operator ∧, we can define “disjunction” φ₁ ∨ φ₂ = ¬(¬φ₁ ∧¬φ₂). And by employing the until operator $U_{I}$ , we can define “eventually” $F_{I} φ = ⊤ U_{I} φ$ and “always” $G_{I} φ = \neg F_{I} \neg φ$ .

Definition 2.3

(Dokhanchi et al., 2014) The time horizon ‖φ‖ of an STL formula φ is inductively defined as

‖ φ ‖ = {\begin{cases} 0, & i f φ = μ, \\ ‖ φ_{1} ‖, & i f φ = \neg φ_{1}, \\ \max {‖ φ_{1} ‖, ‖ φ_{2} ‖}, & i f φ = φ_{1} \land φ_{2}, \\ b + \max {‖ φ_{1} ‖, ‖ φ_{2} ‖}, & i f φ = φ_{1} U_{[a, b]} φ_{2} . \end{cases}

Definition 2.4

(Robust satisfiability) Consider the uncertain system equation (1) and the STL formula φ. We say φ is robustly satisfiable from the initial state x₀ if there exists a control policy ν such that

x_{x_{0}}^{ν, w} ⊨ φ, \forall w \in W_{\geq 0} .

Definition 2.5

(Satisfiability) Consider the deterministic system equation (2) and the STL formula φ. We say φ is satisfiable from the initial state x₀ if there exists a control policy ν such that

x_{x_{0}}^{ν} ⊨ φ .

Given an STL formula φ, the set of initial states from which φ is (robustly) satisfiable is denoted by

S_{φ} = {x_{0} \in R^{n} ∣ φ is (robustly) satisfiable from x_{0}} .

(4)

We remark that the computation of the set $S_{φ}$ is tailored to the dynamic system under consideration. Here we omit it for notation simplicity.

2.3. Reachability operators

In this section, we define two reachability operators. The natural connection between reachability and temporal operators plays an important role in the approach proposed in this paper. The definitions of maximal and minimal reachable tube are given as follows.

Definition 2.6

Consider system equation (1), three sets $Ω_{1}, Ω_{2}, C \subseteq R^{n}$ , and a time interval [a, b]. The maximal reachable tube from Ω₁ to Ω₂ is defined as

\begin{array}{l} R^{M} (Ω_{1}, Ω_{2}, C, [a, b], k) \\ = {x_{k} \in Ω_{1} | \begin{array}{l} \exists ν \in U_{\geq k}, \forall w \in W_{\geq k}, \\ \exists t_{k^{'}} \in [\max {a, t_{k}}, b], x_{x_{k}}^{ν, w} (t_{k^{'}}) \in Ω_{2}, \\ \forall t_{k^{″}} \in [t_{k}, t_{k^{'}}], x_{x_{k}}^{ν, w} (t_{k^{″}}) \in C \end{array}} \\ and t_{k} \in [0, b] . \end{array}

The set $R^{M} (Ω_{1}, Ω_{2}, C, [a, b], k)$ collects all states in Ω₁ at time t_k from which there exists a control policy $ν \in U_{\geq k}$ that, despite the worst disturbance signals, drives the system to the target set Ω₂ at some time instant t_k′ ∈ [max{a, t_k}, b] while satisfying constraints defined by $C$ prior to reaching the target.

Definition 2.7

Consider system equation (1), two sets $Ω_{1}, Ω_{2} \subseteq R^{n}$ , and a time interval [a, b]. The minimal reachable tube from Ω₁ to Ω₂ is defined as

\begin{array}{l} R^{m} (Ω_{1}, Ω_{2}, [a, b], k) \\ = {x_{k} \in Ω_{1} | \begin{array}{l} \forall ν \in U_{\geq k}, \exists w \in W_{\geq k}, \\ \exists t_{k^{'}} \in [\max {a, t_{k}}, b], x_{x_{k}}^{ν, w} (t_{k^{'}}) \in Ω_{2} \end{array}}, \\ and t_{k} \in [0, b] . \end{array}

The set $R^{m} (Ω_{1}, Ω_{2}, [a, b], k)$ collects all states in Ω₁ at time t_k from which no matter what control policy ν is applied, there exists a disturbance signal that drives the system to the target set Ω₂ at some time instant t_k′ ∈ [max{a, t_k}, b]. In this definition, the constraint set $C$ is redundant. The reason is that the minimal reachable tube is used to build a connection with “always” operator $G_{[a, b]}$ , for which the constraint set is not needed.

2.4. Problem formulation

Consider the following fragment of STL formulas, which is inductively defined as

φ : : = ⊤ ∣ μ ∣ \neg μ ∣ φ_{1} \land φ_{2} ∣ φ_{1} \lor φ_{2} ∣ ϕ U_{I} φ ∣ F_{I} φ ∣ G_{I} ϕ

(5)

where ϕ⩴⊤∣μ∣¬μ∣ϕ₁ ∧ ϕ₂∣ϕ₁ ∨ ϕ₂. Here, ϕ₁, ϕ₂ are formulas of class ϕ and φ₁, φ₂ are formulas of class φ given in equation (5).

Remark 2.1

The STL fragment defined in equation (5) includes nested STL formulas of the form $F_{[a_{1}, b_{1}]} G_{[a_{2}, b_{2}]} ϕ$ and $ϕ_{1} U_{[a_{1}, b_{1}]} (G_{[a_{2}, b_{2}]} ϕ_{2})$ , while excluding nested STL formulas of the form $G_{[a_{1}, b_{1}]} F_{[a_{2}, b_{2}]} ϕ, (G_{[a_{1}, b_{1}]} ϕ_{1}) U_{[a_{2}, b_{2}]} ϕ_{2}$ . The reason is that according to the semantics of STL, nested STL formulas like $G_{[a_{1}, b_{1}]} F_{[a_{2}, b_{2}]} ϕ$ and $(G_{[a_{1}, b_{1}]} ϕ_{1}) U_{[a_{2}, b_{2}]} ϕ_{2}$ require parallel monitoring of their arguments $F_{[a_{2}, b_{2}]} ϕ$ and $G_{[a_{1}, b_{1}]} ϕ_{1}$ within the encoded time intervals of the temporal operators $G_{[a_{1}, b_{1}]}$ and $U_{[a_{2}, b_{2}]}$ , respectively. Nevertheless, we note that the fragment equation (5) is more general than most of the fragments considered in the literature studying online control synthesis, for example, Lindemann and Dimarogonas (2018); Buyukkocak et al. (2022). Such a fragment equation (5) is expressive enough to specify a large number of robotic tasks, e.g., time-constrained reachability, supply-delivery, and safety.

Remark 2.2

It is possible to handle nested STL formulas of the form $G_{[a_{1}, b_{1}]} F_{[a_{2}, b_{2}]} ϕ$ and $(G_{[a_{1}, b_{1}]} ϕ_{1}) U_{[a_{2}, b_{2}]} ϕ_{2}$ using the framework proposed in this work. For the formula $G_{[a_{1}, b_{1}]} F_{[a_{2}, b_{2}]} ϕ$ , one can rewrite it as $F_{[a_{1} + a_{2}, b_{1} + b_{2}]} G_{[0, b_{1} - a_{1}]} ϕ$ . For the formula $(G_{[a_{1}, b_{1}]} ϕ_{1}) U_{[a_{2}, b_{2}]} ϕ_{2}$ , one can rewrite it as $G_{[a_{1}, b_{1} + b_{2}]} ϕ_{1} \land F_{[a_{2}, b_{2}]} ϕ_{2}$ . Since $x ⊨ F_{[a_{1} + a_{2}, b_{1} + b_{2}]} G_{[0, b_{1} - a_{1}]} ϕ$ implies $x ⊨ G_{[a_{1}, b_{1}]} F_{[a_{2}, b_{2}]} ϕ$ and $x ⊨ G_{[a_{1}, b_{1} + b_{2}]} ϕ_{1} \land F_{[a_{2}, b_{2}]} ϕ_{2}$ implies $x ⊨ (G_{[a_{1}, b_{1}]} ϕ_{1}) U_{[a_{2}, b_{2}]} ϕ_{2}$ , the soundness of the proposed online control synthesis algorithm preserves. However, we note that this approach introduces conservatism due to the fact that the rewritten formula is not equivalent to the original formula.

The problem under consideration is formulated as follows.

Problem 2.1

Online control synthesis. Consider system equation (1) and an STL task φ in equation (5). For an initial state x₀, find, if it exists, a sequence of control inputs ν = ν₀(x₀)ν₁(x₁)…ν_k(x_k)… such that the resulting trajectory x = x₀x₁…x_k… satisfies φ.

Remark 2.3

Note that the objective of Problem 2.1 is not to synthesize a closed-form control policy ν , which is in general computationally intractable for systems with continuous spaces. Instead, we aim at finding online a sequence of feedback control inputs in a way that is similar to receding horizon control.

The key idea to solve Problem 2.1 is as follows. We first transform the STL formula to an alternative tree-based representation, which we call a tube-based temporal logic tree (tTLT), by leveraging reachability analysis as detailed in Section 3. There exists a semantic connection between the STL formula and the corresponding tTLT, thanks to the reachability analysis, which is explained in Section 4. Based on this fact, we can perform control synthesis over the tTLT, instead of the STL formula. An online control synthesis algorithm is provided in Section 5.

3. Real-time STL semantics and tube-based temporal logic tree

In this section, a real-time version of STL semantics and a notion of tTLT are proposed. The real-time STL semantics establish the satisfaction relation between a real-time signal and the STL formula. Based on these real-time semantics, we propose the tTLT using the close connection between STL and reachability analysis.

3.1. Real-time STL semantics

The real-time STL semantics is defined to capture the satisfaction relation between a real-time signal and an STL formula, which is different from the traditional STL semantics defined in Section 2.2. Before proceeding, the following definition is required.

Definition 3.1

Suffix and Completions. Given a discrete-time signal x = x₀x₁…, we say that a partial signal $s = s_{l} s_{l + 1} \dots, l \in N$ , is a suffix of the signal x if ∀k′ ≥ l, s_k′ = x_k′. The set of completions of a partial signal s , denoted by C( s ), is given by

C (s) : = {x : s is a suffix of x} .

Given a time instant t_k and a time interval [a, b], define t_k + [a, b]≔[t_k + a, t_k + b]. The real-time STL semantics is defined as follows.

Definition 3.2

Let t_k be the starting time of any STL formula φ to be evaluated. Let t_l ≥ t_k be the starting time of a partial signal s = s_ls_l+1…. The real-time satisfaction of φ with respect to the partial signal s , denoted by ( s , t_k, t_l)∣≍φ, is recursively defined by equation (6).

\begin{array}{l} (s, t_{k}, t_{l}) ∣ ≍ μ & \Leftrightarrow & g_{μ} (s (t_{k})) \geq 0, t_{l} = t_{k}; \end{array}

(6a)

\begin{array}{l} (s, t_{k}, t_{l}) ∣ ≍ \neg φ & \Leftrightarrow & \neg ((s, t_{k}, t_{l}) ∣ ≍ φ), t_{l} \in t_{k} + [0, ‖ φ ‖]; \end{array}

(6b)

\begin{array}{l} (s, t_{k}, t_{l}) ∣ ≍ φ_{1} \land φ_{2} & \Leftrightarrow & (s, t_{k}, t_{l}) ∣ ≍ φ_{1} \land (s, t_{k}, t_{l}) ∣ ≍ φ_{2}, t_{l} \in t_{k} + [0, ‖ φ_{1} \land φ_{2} ‖]; \end{array}

(6c)

\begin{array}{l} (s, t_{k}, t_{l}) ∣ ≍ φ_{1} U_{[a, b]} φ_{2} \Leftrightarrow \\ {\begin{cases} \exists t_{k^{'}} \in [\max {t_{k} + a, t_{l}}, t_{k} + b] s . t . (s, t_{k^{'}}, t_{l}) ∣ ≍ φ_{2}, & if ‖ φ_{2} ‖ = 0, \\ \exists t_{k^{'}} \in [t_{k} + a, t_{k} + b] s . t . (s, t_{k^{'}}, t_{l}) ∣ ≍ φ_{2}, & otherwise, \end{cases} \\ \land if t_{l} \leq t_{k^{'}}, \forall t_{k^{″}} \in [t_{l}, t_{k^{'}}], (s, t_{k^{″}}, t_{l}) ∣ ≍ φ_{1}, t_{l} \in t_{k} + [0, ‖ φ_{1} U_{[a, b]} φ_{2} ‖] . \end{array}

(6d)

The real-time satisfaction relation ( s , t_k, t_l)∣ ≍ φ suggests that the partial signal s is the suffix of a satisfying trajectory that starts from t_k, i.e.,

(s, t_{k}, t_{l}) ∣ ≍ φ \Leftarrow \exists x \in C (s), (x, t_{k}) ⊨ φ .

Using the induction rule, one can define the real-time STL semantics for “disjunction” φ₁ ∨ φ₂, “eventually” $F_{[a, b]} φ$ , and “always” $G_{[a, b]} φ$ .

In parallel with Definitions 2.4 and 2.5, we define the STL satisfiability given a partial signal as follows.

Definition 3.3

Consider uncertain system equation (1) and the STL formula φ. We say φ is robustly satisfiable from the state x_k at time t_k if there exists a control policy $ν \in U_{\geq k}$ such that

(x_{x_{k}}^{ν, w}, t_{0}, t_{k}) ∣ ≍ φ, \forall w \in W_{\geq k} .

Definition 3.4

Consider the deterministic system equation (2) and the STL formula φ. We say φ is satisfiable from the state x_k at time t_k if there exists a control policy $ν \in U_{\geq k}$ such that

(x_{x_{k}}^{ν}, t_{0}, t_{k}) ∣ ≍ φ .

Note that when t_k = t₀, Definitions 3.3 and 3.4 reduce to Definitions 2.4 and 2.5, respectively. Given an STL formula φ, the set of states from which φ is robustly satisfiable at t_k is denoted by

\begin{array}{l} S_{φ} (t_{k}) : = {x_{k} \in R^{n} ∣ φ is (robustly) satisfiable \\ from x_{k} at t_{k}} . \end{array}

(7)

Then, we have the following results.

Proposition 3.1

Consider system equation (1) and predicates μ₁, μ₂. Then, one has

i) $S_{μ_{1} U_{[a, b]} μ_{2}} (t_{k}) = R^{M} (R^{n}, S_{μ_{2}}, S_{μ_{1}}, [a, b], k)$ ;

ii) $S_{F_{[a, b]} μ_{1}} (t_{k}) = R^{M} (R^{n}, S_{μ_{1}}, R^{n}, [a, b], k)$ ;

iii) $S_{G_{[a, b]} μ_{1}} (t_{k}) = \bar{R^{m} (R^{n}, \bar{S_{μ_{1}}}, [a, b], k)}$ , where $S_{μ_{1}}$ and $S_{μ_{2}}$ are defined in equation (4).

Proof

First, we prove item i). Assume that $x_{k} \in S_{μ_{1} U_{[a, b]} μ_{2}} (t_{k})$ . According to the real-time STL semantics, one has that $\exists ν \in U_{\geq k}, \forall w \in W_{\geq k}$ such that

• ∃t_k′ ∈ [max{a, t_k}, b],

(x_{x_{k}}^{ν, w}, t_{k^{'}}, t_{k}) ∣ ≍ μ_{2} \Rightarrow x_{x_{k}}^{ν, w} (t_{k^{'}}) \in S_{μ_{2}},

• ∀t_k″ ∈ [t_k, t_k′],

(x_{x_{k}}^{ν, w}, t_{k^{″}}, t_{k}) ∣ ≍ μ_{1} \Rightarrow x_{x_{k}}^{ν, w} (t_{k^{″}}) \in S_{μ_{1}} .

That is, $x_{k} \in R^{M} (R^{n}, S_{μ_{2}}, S_{φ_{1}}, [a, b], k)$ .

Now we assume that $x_{k} \in R^{M} (R^{n}, S_{μ_{2}}, S_{μ_{1}}, [a, b], k)$ . According to Definition 2.6, one has that $\exists ν \in U_{\geq k}, \forall w \in W_{\geq k}$ such that $\exists t_{k^{'}} \in [\max {a, t_{k}}, b], x_{x_{k}}^{ν, w} (t_{k^{'}}) \in S_{μ_{2}}$ and $\forall t_{k^{″}} \in [t_{k}, t_{k^{'}}], x_{x_{k}}^{ν, w} (t_{k^{″}}) \in S_{μ_{1}}$ . According to equation (7), one can further get that

\begin{array}{l} x_{x_{k}}^{ν, w} (t_{k^{'}}) \in S_{μ_{1}} \Rightarrow (x_{x_{k}}^{ν, w}, t_{k^{'}}, t_{k}) ∣ ≍ μ_{1}, \\ x_{x_{0}}^{ν, w} (t_{k^{″}}) \in S_{μ_{2}} \Rightarrow (x_{x_{k}}^{ν, w}, t_{k^{″}}, t_{k}) ∣ ≍ μ_{2} . \end{array}

Therefore, $x_{k} \in S_{μ_{1} U_{[a, b]} μ_{2}} (t_{k})$ .

The proof of item ii) is similar and hence omitted. Next, let us prove item iii).

Assume that $x_{k} \in S_{G_{[a, b]} μ_{1}} (t_{k})$ . According to the real-time STL semantics, one has that $\exists ν \in U_{\geq k}, \forall w \in W_{\geq k}$ such that ∀t_k′ ∈ [max{a, t_k}, b],

(x_{x_{k}}^{ν, w}, t_{k^{'}}, t_{k}) ∣ ≍ μ_{1} \Rightarrow x_{x_{k}}^{ν, w} (t_{k^{″}}) \in S_{μ_{1}} .

According to Definition 2.7, $R^{m} (R^{n}, \bar{S_{μ_{1}}}, [a, b], k)$ collects all states in $R^{n}$ at time t_k from which no matter what control policy $ν \in U_{\geq k}$ is applied, there exists a disturbance signal $w \in W_{\geq k}$ that drives the system to the set $\bar{S_{μ_{1}}}$ at some time instant t_k′ ∈ [max{a, t_k}, b]. Therefore, $x_{k} \in \bar{R^{m} (R^{n}, \bar{S_{μ_{1}}}, [a, b], k)}$ . The other side can be proved similarly. □

In item iii) of Proposition 3.1, the use of the complementary set is motivated by the fact that $G_{[a, b]} μ = \neg F_{[a, b]} (\neg μ)$ and $S_{\neg μ} = \bar{S_{μ}}$ .

Proposition 3.2

Consider system equation (1) and STL formulas φ₁, φ₂. If φ₁ and φ₂ contain no logical operators ∧ and ∨, then one has

i) $S_{φ_{1} \land φ_{2}} (t_{k}) \subseteq S_{φ_{1}} (t_{k}) \cap S_{φ_{2}} (t_{k})$ ;

ii) $S_{φ_{1} \lor φ_{2}} (t_{k}) \supseteq S_{φ_{1}} (t_{k}) \cup S_{φ_{2}} (t_{k})$ ;

where

S_{φ_{1}} (t_{k})

and

S_{φ_{2}} (t_{k})

are defined in equation (7).

Proof

Assume that $x_{k} \in S_{φ_{1} \land φ_{2}} (t_{k})$ . According to Definition 3.2 and equation (7), one has that there exists a control policy $ν \in U_{\geq k}$ such that

\begin{array}{l} (x_{x_{k}}^{ν, w}, t_{0}, t_{k}) ∣ ≍ φ_{1}, \forall w \in W_{\geq k} \\ \land (x_{x_{k}}^{ν, w}, t_{0}, t_{k}) ∣ ≍ φ_{2}, \forall w \in W_{\geq k} . \end{array}

That is, $x_{k} \in S_{φ_{1}} (t_{k}), x_{k} \in S_{φ_{2}} (t_{k})$ . Thus, $x_{k} \in S_{φ_{1} \land φ_{2}} (t_{k}) \Rightarrow x_{k} \in S_{φ_{1}} (t_{k}) \cap S_{φ_{2}} (t_{k})$ . The other direction may not hold because it could happen that for a state x_k, there exist two control policies $ν_{1}, ν_{2} \in U_{\geq k}$ such that $(x_{x_{k}}^{ν_{1}, w}, t_{0}, t_{k}) ∣ ≍ φ_{1}, (x_{x_{k}}^{ν_{2}, w}, t_{0}, t_{k}) ∣ ≍ φ_{2}, \forall w \in W_{\geq k}$ (i.e., $x_{k} \in S_{φ_{1}} (t_{k}) \cap S_{φ_{2}} (t_{k})$ ). However, there is no control policy which ensures the robust satisfaction of φ₁ ∧ φ₂ at t_k.

Assume now that $x_{k} \in S_{φ_{1}} (t_{k})$ , then one has that there exists a control policy $ν \in U_{\geq k}$ such that $(x_{x_{k}}^{ν, w}, t_{0}, t_{k}) ∣ ≍ φ_{1}, \forall w \in W_{\geq k}$ . Moreover, according to STL syntax, one further has $(x_{x_{k}}^{ν, w}, t_{0}, t_{k}) ∣ ≍ φ_{1} \lor φ_{2}, \forall w \in W_{\geq k}$ . That is, $x_{k} \in S_{φ_{1}} (t_{k}) \Rightarrow x_{k} \in S_{φ_{1} \lor φ_{2}} (t_{k})$ . Similarly, one can also get $x_{k} \in S_{φ_{2}} (t_{k}) \Rightarrow x_{k} \in S_{φ_{1} \lor φ_{2}} (t_{k})$ . Therefore, $x_{k} \in S_{φ_{1}} (t_{k}) \cup S_{φ_{2}} (t_{k}) \Rightarrow x_{k} \in S_{φ_{1} \lor φ_{2}} (t_{k})$ . The other direction may not hold because it could happen that there exists no state such that either φ₁ or φ₂ is robustly satisfiable from at t_k, i.e., $S_{φ_{1}} (t_{k}) = \emptyset$ , $S_{φ_{2}} (t_{k}) = \emptyset$ and thus $S_{φ_{1}} (t_{k}) \cup S_{φ_{2}} (t_{k}) = \emptyset$ . However, there exists a state $x_{k}^{*}$ from which there exists a control policy $ν \in U_{\geq k}$ such that

\begin{array}{l} (x_{x_{k}^{*}}^{ν, w_{1}}, t_{0}, t_{k}) ∣ ≍ φ_{1}, \forall w_{1} \in W_{1} \\ \land (x_{x_{k}^{*}}^{ν, w_{2}}, t_{0}, t_{k}) ∣ ≍ φ_{2}, \forall w_{2} \in W_{\geq k} ∖ W_{1} \end{array}

where

W_{1} \subset W_{\geq k}

. In this case, one has

x_{k}^{*} \in S_{φ_{1} \lor φ_{2}} (t_{k})

. □

Propositions 3.1 and 3.2 imply that the real-time satisfiable set of the STL formula can be inferred by set operations and reachability analysis, which makes it reasonable to develop the tTLT, a tree structure consisting of reachable tubes and operators. In the following section, we will detail the definition of tTLT and how to construct a tTLT from a given STL formula using reachability analysis.

3.2. Tube-based temporal logic tree and its construction

In this section, we formally introduce the notion of tTLT and provide its construction algorithm. A tTLT is a variant of the TLT proposed in the recent work (Gao et al., 2022) for LTL formulas. Due to the time-dependent essence of STL formulas, the reachable sets in the TLT are replaced with the reachable tubes in the tTLT, which can explicitly incorporate the time constraints in STL formulas. The intuition of the tTLT is that it indicates how a state trajectory should evolve in order to satisfy the time constraints embedded in an STL formula. In the following, a formal definition of the tTLT is introduced.

Definition 3.5

A tTLT is a tree for which the following holds:

• each node is either a tube node that maps from the nonnegative time axis, i.e., $R_{\geq 0}$ , to a subset of $R^{n}$ , or an operator node that belongs to ${\land, \lor, U_{I}, F_{I}, G_{I}}$ ;

• the root node and the leaf nodes are tube nodes;

• if a tube node is not a leaf node, its unique child is an operator node;

• the children of any operator node are tube nodes.

Definition 3.6

A complete path p of a tTLT is a path that starts from the root node and ends at a leaf node.

The following result shows how to construct a tTLT for any given STL formula using reachability analysis.

Theorem 3.1

For system equation (1) and every STL formula φ in equation (3), a tTLT, denoted by $T_{φ}$ , can be constructed from φ through the reachability operators $R^{M}$ and $R^{m}$ .

Proof

We follow three steps to construct a tTLT.

Step 1

Rewrite the STL formula φ into the equivalent positive normal form (PNF). It has been proven in Sadraddini and Belta (2015) that each STL formula has an equivalent STL formula in PNF (i.e., negations only occur adjacent to predicates), which can be inductively defined as

\begin{array}{l} φ : : = ⊤ ∣ μ ∣ \neg μ ∣ φ_{1} \land φ_{2} ∣ φ_{1} \lor φ_{2} \\ ∣ φ_{1} U_{I} φ_{2} ∣ F_{I} φ_{1} ∣ G_{I} φ_{1} \end{array}

Step 2

For each predicate μ or its negation ¬μ, construct the tTLT with only one tube node $S_{μ} = {x : g_{μ} (x) \geq 0}$ or $\bar{S_{μ}}$ . The tTLT of ⊤ or ⊥ has only one tube node, which is $R^{n}$ or ∅.

Step 3

Following the induction rule to construct the tTLT $T_{φ}$ . More specifically, we will show that given STL formulas φ₁ and φ₂, if the tTLTs can be constructed from φ₁ and φ₂, then the tTLTs can be constructed from φ₁ ∧ φ₂, φ₁ ∨ φ₂, $φ_{1} U_{[a, b]} φ_{2}$ , $F_{[a, b]} φ_{1}$ , and $G_{[a, b]} φ_{1}$ .

Case 1

Boolean operators ∧ and ∨. Consider two STL formulas φ ₁ , φ ₂ and their corresponding tTLTs $T_{φ_{1}}, T_{φ_{2}}$ . The root nodes of $T_{φ_{1}}$ and $T_{φ_{2}}$ are denoted by $X_{φ_{1}} (t_{k})$ and $X_{φ_{2}} (t_{k})$ , respectively. The tTLT $T_{φ_{1} \land φ_{2}}$ $(T_{φ_{1} \lor φ_{2}})$ can be constructed by connecting $X_{φ_{1}} (t_{k})$ and $X_{φ_{2}} (t_{k})$ through the operator node ∧ (∨) and taking the intersection (or union) of the two root nodes, i.e., $X_{φ_{1}} (t_{k}) \cap X_{φ_{2}} (t_{k})$ $(X_{φ_{1}} (t_{k}) \cup X_{φ_{2}} (t_{k}))$ , to be the root node. An illustrative diagram for φ ₁ ∧ φ ₂ is given in Figure 2 .

Figure 2.

Illustrative diagram of construction tTLT for φ₁ ∧ φ₂.

Case 2

Until operator $U_{[a, b]}$ . Consider two STL formulas φ ₁ , φ ₂ and their corresponding tTLTs $T_{φ_{1}}, T_{φ_{2}}$ . The root nodes of $T_{φ_{1}}$ and $T_{φ_{2}}$ are denoted by $X_{φ_{1}} (t_{k})$ and $X_{φ_{2}} (t_{k})$ , respectively. In addition, the leaf nodes of $T_{φ_{1}}$ are denoted by $Y_{φ_{1}}^{1} (t_{k}), \dots, Y_{φ_{1}}^{N} (t_{k})$ , where N is the total number of leaf nodes of $T_{φ_{1}}$ . The tTLT $T_{φ_{1} U_{[a, b]} φ_{2}}$ can be constructed by the following steps: 1) replace each leaf node $Y_{φ_{1}}^{i} (t_{k})$ by $R^{M} (R^{n}, X_{φ_{2}} (t_{0}), Y_{φ_{1}}^{i} (t_{0}), [a, b], k)$ ; 2) update $T_{φ_{1}}$ from the leaf nodes to the root node with the new leaf nodes; and 3) connect each leaf node of the updated $T_{φ_{1}}$ and the root node of $T_{φ_{2}}$ , i.e., $X_{φ_{2}} (t_{k})$ , with the operator node U_[a,b] One illustrative diagram for $U_{[a, b]}$ is given in Figure 3 .

Figure 3.

Illustrative diagram of construction tTLT for $φ_{1} U_{[a, b]} φ_{2}$ .

Case 3

Eventually and always operators $F_{[a, b]}$ and $G_{[a, b]}$ . Consider an STL formula φ₁ and its corresponding tTLT $T_{φ_{1}}$ . The root node of $T_{φ_{1}}$ is given by $X_{φ_{1}} (t_{k})$ . The tTLT $T_{F_{[a, b]} φ_{1}}$ $(T_{G_{[a, b]} φ_{1}})$ can be constructed by connecting $X_{φ_{1}} (t_{k})$ through the operator $F_{[a, b]}$ $(G_{[a, b]})$ and making the tube $R^{M} (R^{n}, X_{φ_{1}} (t_{0}), R^{n}, [a, b], k)$ $(\bar{R^{m} (R^{n}, \bar{X_{φ_{1}} (t_{0})}, [a, b], k)})$ the root node. An illustrative diagram for $G_{[a, b]}$ is given in Figure 4. □

Based on Theorem 3.1, Algorithm 1 is designed for the construction of tTLT $T_{φ}$ . It takes the syntax tree of the STL formula φ as input. For an STL formula, the nodes of its syntax tree are either predicate or operator nodes. More specifically, all the leaf nodes are predicates and all other nodes are operators.

Algorithm 1. tTLTConstruction.

Let us use the following example to show how to construct the tTLT.

Figure 4.

Illustrative diagram of construction tTLT for $G_{[a, b]} φ_{1}$ .

Example 3.1

Consider the formula $φ = F_{[a_{1}, b_{1}]} G_{[a_{2}, b_{2}]} μ_{1} \land μ_{2} U_{[a_{3}, b_{3}]} μ_{3}$ , where μ _i , i = {1, 2, 3} are predicates. The syntax tree of φ is shown on the left-hand side of Figure 5 . The corresponding tTLT for φ (constructed using Algorithm 1) is shown on the right-hand side of Figure 5 , where

\begin{array}{l} X_{4} (t_{k}) = \bar{R^{m} (R^{n}, \bar{S_{μ_{1}}}, [a_{2}, b_{2}], k)}, \\ X_{3} (t_{k}) = R^{M} (R^{n}, S_{μ_{3}}, S_{μ_{2}}, [a_{3}, b_{3}], k), \\ X_{2} (t_{k}) = R^{M} (R^{n}, X_{4} (t_{0}), R^{n}, [a_{1}, b_{1}], k), \\ X_{1} (t_{k}) = X_{2} (t_{k}) \cap X_{3} (t_{k}) \end{array}

Figure 5.

Example 3.1: syntax tree (left) and tTLT (right) for $φ = F_{[a_{1}, b_{1}]} G_{[a_{2}, b_{2}]} μ_{1} \land μ_{2} U_{[a_{3}, b_{3}]} μ_{3}$ . Recall that $F_{[a, b]} φ = ⊤ U_{[a, b]} φ$ .

Remark 3.1

Given an STL formula φ in PNF, let K denote the number of Boolean operators and L the number of temporal operators contained in φ. Let $T_{φ}$ be the tTLT corresponding to φ. Then, $T_{φ}$ has at most 2K complete paths. In addition, each complete path has at most 2(K + L) + 1 nodes, out of which at most K + L are non-root tube nodes. Thus, one can conclude that $T_{φ}$ contains at most 4K(K + L) + 1 nodes, out of which at most 2K(K + L) + 1 are tube nodes.

4. Semantic connection between STL and tTLT

In this section, the semantic connection between an STL formula and its corresponding tTLT is derived. We define how a given state trajectory satisfies a tTLT and then show that the tTLT is a semantic under-approximation of the STL formula. Before that, let us first define the segment of the complete path.

Definition 4.1

A complete path of a tTLT can be encoded in the form of $p = X_{0} Θ_{1} X_{1} Θ_{2} \dots Θ_{N_{f}} X_{N_{f}}$ , where N _f is the number of operator nodes contained in the complete path, $X_{i} : R_{\geq 0} \to 2^{R^{n}}, \forall i \in {0,1, \dots, N_{f}}$ represent tube nodes, and $Θ_{j} \in {\land, \lor, U_{I}, F_{I}, G_{I}}, \forall j \in {1, \dots, N_{f}}$ represent operator nodes. Any subsequence of a complete path is called a segment of the complete path.

Now, we define the maximal temporal segment for a tTLT, which plays an important role when simplifying the tTLT.

Definition 4.2

A maximal temporal segment (MTS) of a complete path of the tTLT is one of the following types of segment:

1) a segment from the root node to the parent of the first Boolean operator node (∧ or ∨);

2) a segment from one child of one Boolean operator node to the parent of the next Boolean operator node;

3) a segment from one child of the last Boolean operator node to the leaf node.

One can conclude from Definition 4.2 that any MTS starts and ends with a tube node and contains no Boolean operator nodes.

Definition 4.3

A time coding of (a complete path of) the tTLT is an assignment of each tube node $X_{i}$ of (the complete path of) the tTLT an activation time instant $t_{κ_{i}}, κ_{i} \in N$ .

Now, we further define the satisfaction relation between a trajectory x and a complete path of the tTLT.

Definition 4.4

Consider a trajectory x ≔x ₀ x ₁ … and a complete path $p = X_{0} Θ_{1} X_{1} Θ_{2} \dots Θ_{N_{f}} X_{N_{f}}$ . We say x satisfies p , denoted by x ⊨ p , if there exists a time coding for p such that

i) if Θ _i ∈ {∧, ∨}, then $t_{κ_{i}} = t_{κ_{i - 1}}$ ;

ii) if $Θ_{i} = U_{I}$ , then $t_{κ_{i}} \in t_{κ_{i - 1}} + I$ ;

iii) if $Θ_{i} = G_{I}$ , then $t_{κ_{i}} = \underset{t_{k}}{argmax} {t_{k} \in t_{κ_{i - 1}} + I}$ ;

and

iv) $x_{k} \in X_{i} (t_{k - κ_{i}}), \forall k \in [κ_{i}, κ_{i + 1}], i = 0, \dots, N_{f} - 1$ ;

v) $x_{κ_{N_{f}}} \in X_{N_{f}} (t_{0})$ .

Remark 4.1

From items i)-iii) of Definition 4.4, one has that $t_{κ_{0}} \leq t_{κ_{1}} \leq \dots \leq t_{κ_{N_{f}}}$ . This means that if a trajectory x ⊨ p , it must visit each tube node $X_{i}$ of the complete path p sequentially. In addition, we can further conclude from items iv)-v) that the trajectory x has to stay in each tube node $X_{i}$ for sufficiently long time steps.

With Definition 4.4, the satisfaction relation between a trajectory x and a tTLT $X_{i}$ can be defined as follows.

Definition 4.5

Consider a trajectory x and a tTLT $T_{φ}$ . We say x satisfies $T_{φ}$ , denoted by $x ⊨ T_{φ}$ , if there exists a time coding ${t_{κ_{i}}}$ for $T_{φ}$ such that the output of Algorithm 2 is true.

The central idea of Algorithm 2 is to check the Boolean relation among sub-formulas of a given STL formula φ. For instance, assume $φ = \land_{i = 1}^{n} φ_{i}$ , where each φ_i, ∀i = 1, …, n contains no Boolean operators. Then one can get from Algorithm 1 that $T_{φ}$ has n complete paths p _i, i = 1, …, n, and each p _i corresponds to a sub-formula φ_i. Then Algorithm 2 dictates that $x ⊨ T_{φ}$ if and only if x satisfies every complete path of $T_{φ}$ . Assume now that $φ = \lor_{i = 1}^{n} φ_{i}$ , then Algorithm 2 dictates that $x ⊨ T_{φ}$ if and only if x satisfies at least one complete path of $T_{φ}$ .

Algorithm 2. tTLTSatisfaction.

Algorithm 2 takes as inputs a trajectory x , a tTLT $T_{φ}$ , and a time coding ${t_{κ_{i}}}$ , and outputs true or false. It works as follows. Given a tTLT $T_{φ}$ , we first compress it via Algorithm 3 (line 1), in this way the resulting compressed tree $T_{φ}^{c}$ contains only Boolean operator nodes and tube nodes. Then for each complete path p of $T_{φ}$ , if x ⊧ p , one sets the corresponding leaf node of p in $T_{φ}^{c}$ (note that $T_{φ}^{c}$ and $T_{φ}$ have the same set of leaf nodes) with true. Otherwise, one sets the corresponding leaf node of p in $T_{φ}^{c}$ with false (lines 2-8). After that, we set all the non-leaf tube nodes of $T_{φ}^{c}$ with false (line 9) and the resulting tree becomes a Boolean tree (a tree with Boolean operator and Boolean variable nodes). Finally, we backtrack the Boolean tree $T_{φ}^{c}$ using Algorithm 4, and return the root node (lines 10-11).

We further detail the Compression algorithm (Algorithm 3) and the Backtracking algorithm (Algorithm 4) in the following. Algorithm 3 aims at obtaining a simplified tree with Boolean operator nodes and tube nodes only. To do so, we first encode each MTS in the form of $X_{1} Θ_{1} \dots Θ_{N_{f} - 1} X_{N_{f}}$ (line 3), and then replace it with one tube node (line 4). Algorithm 4 takes the compressed tree $T_{φ}^{c}$ as an input, and then update the parent of each Boolean operator node through a bottom-up traversal. In Algorithm 4, PA(Θ) and CH₁(Θ), CH₂(Θ) represent the parent node and the two children of the Boolean operator node Θ ∈ {∧, ∨}, respectively.

Algorithm 3. Compression.

Algorithm 4. Backtracking.

Example 4.1

Let us continue with Example 3.1. The tTLT $T_{φ}$ (right of Figure 5 ) contains 2 complete paths, i.e.,

p_{1} : = X_{1} \land X_{2} U_{[a_{1}, b_{1}]} X_{4} G_{[a_{2}, b_{2}]} S_{μ_{1}}

And

p_{2} : = X_{1} \land X_{3} U_{[a_{3}, b_{3}]} S_{μ_{3}}

Let

{t_{κ_{1}}, t_{κ_{2}}, t_{κ_{4}}, t_{κ_{5}}}

Be the time coding of the complete path p ₁ , where $t_{κ_{1}}, t_{κ_{2}}, t_{κ_{4}}$ , and $t_{κ_{5}}$ are the activation time instants of the tube nodes $X_{1}, X_{2}, X_{4}$ , and $X_{5} : = S_{μ_{1}}$ , respectively. Then, we have according to Definition 4.4 that a trajectory x ⊨ p ₁ if i) $t_{κ_{1}} = t_{κ_{2}}$ ; ii) $t_{κ_{4}} \in t_{κ_{2}} + [a_{1}, b_{1}]$ ; iii) $t_{κ_{4}} \in t_{κ_{2}} + [a_{1}, b_{1}]$ ; iv) $x_{0} \in X_{1} (t_{0})$ , $x_{k} \in X_{2} (t_{k - κ_{2}}), \forall k \in [κ_{2}, κ_{4}]$ , $x_{k} \in X_{4} (t_{k - κ_{4}}), \forall k \in [κ_{4}, κ_{5}]$ , and v) $x_{κ_{5}} \in X_{5}$ .

In addition, the tTLT $T_{φ}$ contains 3 MTSs, i.e., $X_{1}$ , $X_{2} U_{[a_{1}, b_{1}]} X_{4} G_{[a_{2}, b_{2}]} S_{μ_{1}}$ , and $X_{3} U_{[a_{3}, b_{3}]} S_{μ_{3}}$ . The compressed tree $T_{φ}^{c}$ is shown in Figure 6 . If a trajectory x satisfies both of the complete paths p ₁ and p ₂ , the output of Algorithm 2 is true, otherwise, the output is false.

Figure 6.

Example 4.1: compressed tree $T_{φ}^{c}$ , where $T_{φ}$ is plotted in Figure 5.

Definition 4.6

(Robustly satisfiable tTLT) A tTLT is called robustly satisfiable for system equation (1) with initial state x₀ if there exists a control policy $ν \in U_{\geq 0}$ such that $x_{x_{0}}^{ν, w} ⊨ T_{φ}, \forall w \in W_{\geq 0}$ .

The following theorem provides a formally semantic relation between the STL formula fragment in equation (5) and the corresponding tTLTs.

Theorem 4.1

Consider the uncertain system equation (1) with initial state x₀ and an STL formula φ in equation (5). Let $T_{φ}$ be the tTLT corresponding to φ. Then, φ is robustly satisfiable for equation (1) if $T_{φ}$ is robustly satisfiable for equation (1).

Proof

From Definitions 2.4 and 4.6, one has that to prove Theorem 4.1, it is equivalent to prove $x_{x_{0}}^{ν, w} ⊨ T_{φ}, \forall w \in W_{\geq 0} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ, \forall w \in W_{\geq 0}$ . Given one instance of disturbance signal w , if one has $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ$ , then it implies $x_{x_{0}}^{ν} ⊨ T_{φ}, \forall w \in W_{\geq 0} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ, \forall w \in W_{\geq 0}$ . Therefore, it is sufficient to prove $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ$ .

In the following, we will first prove $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Leftrightarrow x_{x_{0}}^{ν, w} ⊨ φ$ for

i) ⊤, predicates μ, ¬μ, and μ₁ ∧ μ₂, μ₁ ∨ μ₂,

ii) $μ_{1} U_{[a, b]} μ_{2}$ , $F_{[a, b]} μ_{1}$ , and $G_{[a, b]} μ_{1}$ ;

iii) ${μ_{1} U}_{[a_{1}, b_{1}]} G_{[a_{2}, b_{2}]} μ_{2}$ and $F_{[a_{1}, b_{1}]} G_{[a_{2}, b_{2}]} μ_{1}$ ;

iv) $φ_{1} \land φ_{2}$ ;

where φ₁ and φ₂ in item iv) are STL formulas belong to items ii) or iii).

Case i): For ⊤, predicates μ, ¬μ, and μ₁ ∧ μ₂, μ₁ ∨ μ₂, it is trivial to verify that $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Leftrightarrow x_{x_{0}}^{ν, w} ⊨ φ$ .

Case ii): We note that the proofs of the three are similar, therefore, in the following, we only consider the case $φ = μ_{1} U_{[a, b]} μ_{2}$ . The tTLT $S_{j} (t_{k}) = P o s t (S_{i} (t_{k}))$ can be constructed via Algorithm 1, which is shown in Figure 7.

Assume that $x_{x_{0}}^{ν, w} ⊨ T_{φ}$ , then one has from Definition 4.4 that $\exists t_{κ_{1}} \in t_{0} + [a, b], x_{κ_{1}} \in S_{μ_{2}}$ and $\forall k \in [0, κ_{1}], x_{k} \in R^{M} (R^{n}, S_{μ_{2}}, S_{μ_{1}}, [a, b], k) \subseteq S_{μ_{1}}$ , which implies $x_{x_{0}}^{ν, w} ⊨ φ$ . That is, $U (x_{k}, t_{k})$ . Assume now that $x_{x_{0}}^{ν, w} ⊨ φ$ . Then, one has from STL semantics that i) $\exists t_{k^{'}} \in t_{0} + [a, b], x_{k^{'}} \in S_{φ_{2}}$ and ii) $\forall t_{k^{″}} \in [t_{0}, t_{k^{'}}], x_{k^{″}} \in S_{φ_{1}}$ . Moreover, from Definition 2.6, one has that i) and ii) together implies $\forall t_{k^{″}} \in [t_{0}, t_{k^{'}}], x_{k^{″}} \in R^{M} (R^{n}, S_{μ_{2}}, S_{μ_{1}}, [a, b], k^{″})$ . Therefore, $T_{u}^{c} (t_{k})$ .

Case iii): We note that the proofs of the two are similar. In the following, we consider the case $\min \ n o l i m i t s_ν_{k} \in U (x_{k}, t_{k}) {‖ ν_{k} ‖}$ . The tTLT $P o s t (B (x_{k}, t_{k}))$ can be constructed via Algorithm 1, which is shown in Figure 8.

Assume that $x_{x_{0}}^{ν, w} ⊨ T_{φ}$ , then one has from Definition 4.4 that $P o s t (B (x_{k}, t_{k}))$ . In addition, $\forall k \in [κ_{1}, κ_{2}], x_{k} \in \bar{R^{m} (R^{n}, \bar{S_{μ_{1}}}, [a_{2}, b_{2}], k - κ_{1})}$ , which implies $x_{k} \in S_{μ_{1}}, \forall k \in [κ_{1}, κ_{2}]$ . That is, $x_{x_{0}}^{ν, w} ⊨ φ \Rightarrow x_{x_{0}}^{ν} ⊨ T_{φ}$ . Assume now that $x_{x_{0}}^{ν, w} ⊨ φ$ . Then, one has from STL semantics that ∃t_k′ ∈ t₀ + [a₁, b₁] such that $x_{k^{″}} \in S_{μ_{1}}, \forall t_{k^{″}} \in t_{k^{'}} + [a_{2}, b_{2}]$ , which implies $\forall t_{k^{″}} \in t_{k^{'}} + [a_{2}, b_{2}], x_{k^{″}} \in \bar{R^{m} (R^{n}, \bar{S_{μ_{1}}}, [a_{2}, b_{2}], k^{″} - k^{'})}$ . Therefore, $x_{x_{0}}^{ν, w} ⊨ φ \Rightarrow x_{x_{0}}^{ν} ⊨ T_{φ}$ .

Case iv): φ = φ₁ ∧ φ₂. Assume that $x_{x_{0}}^{ν, w} ⊨ T_{φ}$ , then one has from Definition 4.4 that $x_{x_{0}}^{ν, w} ⊨ T_{φ_{1}}$ and $x_{x_{0}}^{ν, w} ⊨ T_{φ_{2}}$ . Moreover, since φ₁ and φ₂ belong to items ii) or iii), then one can conclude from Case ii) and Case iii) that $x_{x_{0}}^{ν, w} ⊨ T_{φ_{i}} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ_{i}, i = {1,2}$ , which implies $x_{x_{0}}^{ν, w} ⊨ φ_{1} \land φ_{2}$ . That is, $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ$ . The proof of the other direction is similar and hence omitted.

Then, we prove $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ$ for

v) φ₁ ∨ φ₂, where φ₁ and φ₂ are STL formulas belong to items ii) or iii).

Case v): φ = φ₁ ∨ φ₂. The proof of $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ$ is similar to Case iv). The other direction does not hold because for an uncertain system, it is possible that there exists a trajectory $x_{x_{0}}^{ν, w}$ such that $x_{x_{0}}^{ν, w} ⊨ φ$ , however, the initial state $x_{0} \notin X_{r o o t}^{φ} (t_{0})$ (due to Proposition 3.2), where $X_{r o o t}^{φ}$ denotes the root node of $T_{φ}$ . In this case, $x_{x_{0}}^{ν, w}$ does not satisfy $T_{φ}$ .

The proof of $x_{x_{0}}^{ν, w} ⊨ T_{φ} \Rightarrow x_{x_{0}}^{ν, w} ⊨ φ$ for other STL formulas φ in equation (5) can be completed inductively by combining Cases i)-v). Therefore, the conclusion follows. □

Thanks to the semantic relation between the STL formulas in equation (5) and their corresponding tTLTs, we are able to perform control synthesis over the tTLT, instead of the STL formulas, with correct-by-construction guarantees. The details of this control synthesis are provided in the next section.

Figure 7.

tTLTs $T_{φ}$ for $φ = μ_{1} U_{[a, b]} μ_{2}$ .

Figure 8.

tTLTs for $φ = F_{[a_{1}, b_{1}]} G_{[a_{2}, b_{2}]} μ_{1}$ .

5. Online control synthesis

In this section, we study the STL control synthesis problem in Problem 2.1. In the following, an online control synthesis algorithm and its sub-algorithms are designed over the tTLT such that the tTLT $T_{φ}$ is satisfied (in the sense of Definitions 4.4 and 4.5). From Theorem 4.1, one can see that to guarantee the satisfaction of the STL formula φ in equation (5), it is sufficient to find a control policy ν that guarantees the (robust) satisfaction of the corresponding tTLT $T_{φ}$ . To this end, the tTLT-based control synthesis approach is sound.

5.1. Definitions and notations

Before proceeding, the following definitions and notations are needed.

Definition 5.1

The time horizon |Θ| of an STL operator $Θ \in {\land, \lor, U_{[a, b]}, F_{[a, b]}, G_{[a, b]}}$ is defined as

| Θ | = {\begin{cases} 0, & i f Θ = {\land, \lor}, \\ \hat{b}, & i f Θ \in {U_{[a, b]}, F_{[a, b]}, G_{[a, b]}}, \end{cases}

where

\hat{b} = \underset{t_{k}}{argmax} {a \leq t_{k} \leq b}

Definition 5.2

A segment of a complete path of a tTLT is called a Boolean segment if it starts and ends with a tube node and contains only Boolean operator nodes. We say a tube node $X_{j}$ is reachable from $X_{i}$ by a Boolean segment if there exists a Boolean segment that starts with $X_{i}$ and ends with $X_{j}$ .

Definition 5.3

If each node of a tree is either a set node that is a subset of U or an operator node that belongs to ${\land, \lor, U_{I}, F_{I}, G_{I}}$ , then the tree is called a control tree.

Each tube node $X_{i}$ of the tTLT $T_{φ}$ is characterized by the following two parameters:

• $t_{a} (X_{i})$ : the activation time of $X_{i}$ ,

• $t_{h} (X_{i})$ : the time horizon of $X_{i}$ , i.e., the time that $X_{i}$ is deactivated.

Denote by $T_{φ} (t k)$ the resulting tree of $T_{φ}$ at time instant tk. It is obtained by fixing the value of each tube node $X_{i}$ according to the activation time $t_{a} (X_{i})$ (i.e., $T_{φ} (t_{k})$ contains either set nodes or operator nodes). Let $S_{i} (t_{k})$ be the i-th set node of $T_{φ} (t_{k})$ , where $S_{i} (t_{k})$ corresponds to the tube node $X_{i}$ . The relationship between $S_{i} (t_{k})$ and $X_{i}$ can be described as follows:

S_{i} (t_{k}) = {\begin{cases} X_{i} (t_{0}), i f t_{k} \leq t_{a} (X_{i}) \\ X_{i} (t_{k} - t_{a} (X_{i})), i f t_{k} \leq t_{a} (X_{i}) \end{cases}

(8)

Moreover, one has that

t_{a} (S_{i} (t_{k})) = t_{a} (X_{i}), t_{h} (S_{i} (t_{k})) = t_{h} (X_{i}), \forall k \geq 0

At each time instant t _k , $T_{φ} (t_{k})$ is characterized by

• P(t_k): the set which collects all the set nodes of, i.e., P(t_k) = ∪_iS_i(t_k),

• Θ: the set which collects all the operator nodes of $T_{φ} (t_{k})$ , which is time invariant.

For a node N _i (t _k ) ∈ P(t _k ) ∪ Θ, define

• CH(N _i (t _k )): the set of children of node N _i (t _k ),

• PA(N_i(t_k)): the set of parents of node N_i(t_k),

• $Post (N_{i} (t_{k})) ≔ CH (CH (N_{i} (t_{k})))$ ,

• $Pre (N_{i} (t_{k})) ≔ PA (PA (N_{i} (t_{k})))$ .

Given a state-time pair (x _k , t _k ), define $L : R^{n} \times R_{\geq 0} \to 2^{P (t_{k})}$ as the labelling function, given by

L (x_{k}, t_{k}) = {S_{i} (t_{k}) \in P (t_{k}) {: x}_{k} \in S_{i} (t_{k}), t_{k} \leq t_{h} (S_{i} (t_{k}))},

(9)

which maps (x _k , t _k ) to a subset of P(t _k ). Moreover, define the function

B : R^{n} \times R_{\geq 0} \to 2^{P (t_{k})}

, which maps (x _k , t _k ) to a set of valid set nodes in P(t _k ). The function L(x _k , t _k ) computes the subset of set nodes of P(t _k ) that contains x _k at time t _k (without the consideration of history trajectory) while the function B(x _k , t _k ) is further introduced to capture the fact that given the history trajectory, not all set nodes in L(x _k , t _k ) are valid at time t _k . A rule for determining B(x _k , t _k ) given L(x _k , t _k ) is detailed in Algorithm 7 in the next subsection.

5.2. Online control synthesis

In the following, we present the online control synthesis algorithm (and its sub-algorithms), and then present an example to further explain how each sub-algorithm works.

Algorithm 5. onlineControlSynthesis.

Algorithm 6. Initialization.

Algorithm 7. trackingSetNode.

The online control synthesis algorithm is outlined in Algorithm 5. Before implementation, an initialization process (line 1) is required, which is outlined in Algorithm 6. Here, t_a and t_h are two functions that map each tube node $X_{i}$ to its activation time and time horizon, respectively. If $t_{a} (X_{i})$ or $t_{h} (X_{i})$ is unknown for $X_{i}$ , its value will be set as ⋈. Then, at each time instant t_k, a feasible control set $U (x_{k}, t_{k})$ is synthesized (lines 2-11). This process contains the following steps: 1) find the subset of set nodes in P(t_k) that are valid at time t_k, i.e., B(x_k, t_k), via Algorithm 7 (line 2); 2) determine the activation time of $X_{i}$ , whose corresponding set node S_i(t_k) ∈ B(x_k, t_k) (if $t_{a} (X_{i})$ is unknown, i.e., being visited for the first time, it is set as t_k; otherwise, i.e., being visited before, it is unchanged) (lines 3-7); 3) calculate $T_{φ} (t_{k + 1})$ via Algorithm 8 (line 8); 4) build a control tree $T_{u} (t_{k})$ (Definition 5.3) via Algorithm 9 (line 9), compress it via Algorithm 3 (line 10), and then the feasible control set $U (x_{k}, t_{k})$ is given by backtracking the compressed control tree $T_{u}^{c} (t_{k})$ via Algorithm 10 (line 11). If the obtained feasible control set $T_{u}^{c} (t_{k})$ , the control synthesis process stops and returns NExis (lines 12-13); otherwise, the control input ν_k can be chosen as any element of $U (x_{k}, t_{k})$ (one example is to choose ν_k as $\min_{ν_{k} \in U (x_{k}, t_{k})} {‖ ν_{k} ‖}$ ) (line 15). Then, we implement the chosen ν_k, measure x_k+1 (line 16), and finally compute the subset of set nodes that are possibly available at the next time instant t_k+1, i.e., $P o s t (B (x_{k}, t_{k}))$ , via Algorithm 11 (line 17).

Algorithm 8. updatetTLT.

We further detail Algorithms 6–11 in the following.

• Algorithm 6 calculates the functions t_a and t_h (lines 1-7) and $P o s t (B (x_{- 1}, t_{- 1}))$ (lines 8-12).

• Algorithm 7 outlines the procedure of finding the subset of set nodes in P(t_k) that are valid at time t_k, i.e., B(x_k, t_k). This is the most important step of the control synthesis, and it relates to Algorithm 11 postSet. Firstly, one needs to compute the subset of set nodes of P(t_k) that contains x_k at time t_k, i.e., L(x_k, t_k) (line 1). Then, one has from Definition 4.4 that if a trajectory x satisfies one complete path of the tTLT, it must i) visit each tube node of the complete path sequentially and ii) stay in each tube node for sufficiently long time steps (Remark 4.1). Based on these two requirements, Algorithm 11 is designed to predict the subset of set nodes that are possibly available at the next time instant, i.e., $P o s t (B (x_{k - 1}, t_{k - 1}))$ . Note that B(x_k, t_k) must belong to L(x_k, t_k) and $P o s t (B (x_{k - 1}, t_{k - 1}))$ at the same time. Therefore, we let $B (x_{k}, t_{k}) \leftarrow L (x_{k}, t_{k}) \cap P o s t (B (x_{k - 1}, t_{k - 1}))$ (line 2). The rest of Algorithm 7 (lines 3-7) guarantees that B(x_k, t_k) contains at most one set node for each complete path of $T_{φ} (t_{k})$ .

• Algorithm 8 outlines the procedure of calculating $T_{φ} (t_{k + 1})$ , given $T_{φ} (t_{k})$ , t_a and B(x_k, t_k). It is designed based on equation (8).

• Algorithm 9 outlines the procedure of building a control tree $T_{u} (t_{k})$ , which is then used for control set synthesis. It is initialized as $T_{φ} (t_{k})$ (line 1). Then, for those set nodes S_i(t_k) that belongs to B(x_k, t_k), it is replaced with the feasible control set (lines 2–8), otherwise, it is replaced with ∅ (lines 9–11).

• Algorithm 10 is similar to Algorithm 4, which outlines the procedure of backtracking a compressed tree.

• Algorithm 11 outlines the procedure of finding the subset of set nodes that are possibly available at the next time instant t_k+1 given B(x_k, t_k), t_a and $T_{φ} (t_{k + 1})$ . It is designed based on Definition 4.4, where the three cases (lines 4–8, 9–12, 13–16) correspond to items i)–iii) of Definition 4.4, respectively. It guarantees that the resulting trajectory visits each tube node of $T_{φ}$ sequentially and stays in each tube node for sufficiently long time steps (as we discussed in Algorithm 7).

Algorithm 9. buildControlTree.

Algorithm 10. Backtracking*.

Algorithm 11. postSet.

Next, an example is given to illustrate one iteration of the control synthesis algorithm (Algorithm 5).

Example 5.1

Consider the single-integrator control system $\dot{x} = u + w$ with a sampling period of one second. The corresponding discrete-time system is given by

x_{k + 1} = x_{k} + u_{k} + w_{k}

where

x_{k} \in R^{2}, u_{k} \in U : = {u : ‖ u ‖ \leq 1} \subset R^{2}, w_{k} \in W : = {w : ‖ w ‖ \leq 0.1} \subset R^{2}, \forall k \in N

. The task specification φ is given in Example 3.1, i.e.,

φ = F_{[a_{1}, b_{1}]} G_{[a_{2}, b_{2}]} μ_{1} \land μ_{2} U_{[a_{3}, b_{3}]} μ_{3}

, where [a ₁ , b ₁ ] = [5, 10], [a ₂ , b ₂ ] = [0, 10], [a ₃ , b ₃ ] = [0, 8],

g_{μ_{1}} (x) = 1 - ‖ x ‖

g_{μ_{2}} (x) = 5 - ‖ x - {[4,4]}^{T} ‖

, and

g_{μ_{3}} (x) = 1 - ‖ x - {[3,5]}^{T} ‖

. Then, one has

\begin{array}{l} S_{μ_{1}} = {x_{0} : ‖ x_{0} ‖ \leq 1}, \\ S_{μ_{2}} = {x_{0} : ‖ x_{0} - {[4,4]}^{T} ‖ \leq 5}, \\ S_{μ_{3}} = {x_{0} : ‖ x_{0} - {[3,5]}^{T} ‖ \leq 1} . \end{array}

The tTLT that corresponds to φ is plotted in Figure 5 . Using Definitions 2.6 and 2.7, one can calculate that

\begin{array}{l} X_{4} (t_{k}) = {x_{k} : ‖ x_{k} ‖ \leq 0.9}, \\ X_{3} (t_{k}) = {x_{k} : ‖ x_{k} - {[3,5]}^{T} ‖ \leq 8.1 - k \\ \land ‖ x_{k} - {[4,4]}^{T} ‖ \leq 5}, \\ X_{2} (t_{k}) = {x_{k} : ‖ x_{k} ‖ \leq 9.9 - k}, \\ X_{1} (t_{k}) = X_{2} (t_{k}) \cap X_{3} (t_{k}) . \end{array}

The initial state x ₀ = [0.5,0.8] ^T , for which $x_{0} \in X_{r o o t}^{φ} (t_{0})$ . Firstly, an initialization process is required, and one can get from Algorithm 6 that

\begin{array}{l} t_{h} (X_{1}) = 0, t_{h} (X_{2}) = 10, t_{h} (X_{3}) = 8, \\ t_{h} (X_{4}) = 20, t_{h} (S_{μ_{1}}) = \infty, t_{h} (S_{μ_{3}}) = \infty, \end{array}

And

P o s t (B (x_{- 1}, t_{- 1})) = {X_{1} (t_{0}), X_{2} (t_{0}), X_{3} (t_{0})} .

Now, let us see how the feasible control set $U (x_{0}, t_{0})$ is synthesized at time instant t ₀ .

1) Find B(x₀, t₀) via Algorithm 7. First, L(x₀, t₀) is computed according to equation (9),

L (x_{0}, t_{0}) = {X_{1} (t_{0}), X_{2} (t_{0}), X_{3} (t_{0}), X_{4} (t_{0}), S_{μ_{1}}}

Then, after running lines 2-7, one has

B (x_{0}, t_{0}) = {S_{2} (t_{0}), S_{3} (t_{0})}

2) Determine the activation time. Initially, both $t_{a} (X_{2})$ and $t_{a} (X_{3})$ are unknown, therefore, $t_{a} (X_{2}) = t_{a} (X_{3}) = t_{0}$ .

3) Update the TLT (thus obtain $T_{φ} (t_{1})$ ) via Algorithm 8. The output $T_{φ} (t_{1})$ is given by

\begin{array}{l} S_{1} (t_{1}) = X_{1} (t_{0}), S_{2} (t_{1}) = X_{2} (t_{1}), \\ S_{3} (t_{1}) = X_{3} (t_{1}), S_{4} (t_{1}) = X_{4} (t_{0}), \end{array}

and the leaf nodes

S_{μ_{1}}

and

S_{μ_{3}}

are unchanged.

4) Build the control tree $T_{u} (t_{0})$ , compress it to obtain $T_{u}^{c} (t_{0})$ , and then get $U (x_{0}, t_{0})$ . This process is illustrated in Figure 9, and $U (x_{0}, t_{0}) = U (S_{2} (t_{0})) \cap U (S_{3} (t_{0}))$ .

Since $U (x_{0}, t_{0}) \neq \emptyset$ , the online control synthesis continues, and we can further compute $P o s t (B (x_{0}, t_{0}))$ via Algorithm 11, which gives

P o s t (B (x_{0}, t_{0})) = {S_{2} (t_{1}), S_{3} (t_{1}), S_{μ_{3}}} .

The following theorem shows the applicability and soundness of Algorithm 5.

Figure 9.

Left: $U (x_{0}, t_{0})$ , Middle: $T_{u}^{c} (t_{0})$ , Right: root node of $T_{u}^{c} (t_{0})$ after implementing Algorithm 10, where $U (S_{2} (t_{0})) = U = {u : ‖ u ‖ \leq 1}, U (S_{3} (t_{0})) = U \cap {u : ‖ u - {[3.4,3.1]}^{T} ‖ \leq 5}$ .

Theorem 5.1

Consider uncertain system equation (1) with initial state x₀ and an STL formula φ in equation (5). Assume that φ is robustly satisfiable for equation (1) and $x_{0} \in T_{r o o t}^{φ} (t_{0})$ . Then, implementing the online control synthesis algorithm (Algorithm 5) guarantees that

(i) the control set $U (x_{k}, t_{k})$ is nonempty for all $k \in N$ ;

(ii) the resulting trajectory $x ⊨ φ$ .

Proof

The proof follows from the construction of tTLT and Algorithms 5-11. The existence of a controller ν _k at each time step t _k , is guaranteed by the definition of maximal and minimal reachable sets (Definitions 2.6 and 2.7), and the construction of tTLT (Propoition 3.1, Theorem 3.1 and Algorithm 1). Moreover, the design of Algorithms 5-11 guarantees that the resulting trajectory x satisfies the tTLT $T_{φ}$ , i.e., $x ⊨ T_{φ}$ , which implies x ⊨ φ as proven in Theorem 4.1.

Remark 5.1

The tTLT construction relies on the computation of backward reachable tubes. Over the past decade, new approaches (e.g., decomposition-based approach (Chen et al., 2018a) and learning-based approaches (Allen et al., 2014; Bansal and Tomlin, 2021)) and software tools (e.g., Hamilton-Jacobi Toolbox (Mitchell and Templeton, 2005) and CORA Toolbox (Althoff, 2015)), have been developed for improving the efficiency of computing backward reachable tubes. Moreover, we remark that the computation of reachable tubes in our work for constructing of the tTLT can be performed offline, which may mitigate the online computational burden. On the other hand, although the exact computation of backward reachable sets/tubes is in general nontrivial for high-dimensional nonlinear systems, efficient algorithms exist for linear systems with polygonal input and disturbance sets (Kurzhanski and Pravin, 2014).

Remark 5.2

The online control synthesis algorithm (Algorithm 5) contains 7 sub-algorithms, i.e., Algorithm 3 and Algorithms 6-11. The computational complexity is determined by Algorithm 9, in which one-step feasible control sets need to be computed. The computational complexity of Algorithms 3, 6, 7, 8, 10, 11 is $O (1)$ . Note that in Algorithm 8, the computation of reachable sets, which is required for set node update, is done offline when constructing the tTLT.

Remark 5.3

Different from the mixed-integer programming formulation for STL control synthesis (Raman et al., 2014, 2015), where an entire control policy has to be synthesized at each time step, the control synthesis in our work is reactive in the sense that only the control input at the current time step is generated at each time step.

6. Numerical simulations

In this section, two examples illustrating the theoretical results are provided. We first perform a numerical simulation for car overtaking. We then apply our algorithms to motion planning of a mobile robot over a group of STL specifications and test the scalability of our algorithms with respect to the growing STL complexity.

6.1. Car overtaking example

We first consider a car overtaking example. This example will specify an overtaking task as an STL formula and then show how to synthesize an overtaking controller with safety guarantees.

As shown in Figure 10, we consider a scenario where an automated vehicle Veh₁ plans to move to a target set $S_{μ_{1}}$ within 80 s. Since there is a broken vehicle Veh₂ in front of Veh₁ and there is another vehicle Veh₃ that moves in an opposite direction in the other lane, Veh₁ must overtake Veh₂ for reaching $S_{μ_{1}}$ and avoid Veh₃ for safety.

Figure 10.

Scenario illustration: an automated vehicle plans to reach a target set $S_{μ_{1}}$ while overtaking a broken vehicle Veh₂ in front of it in the same lane and avoiding Veh₃ moving in an opposite direction in the other lane.

We describe the dynamics of the vehicle Veh₁ as in Murgovski and Sjöberg (2015):

x_{k + 1} = \underset{A}{\underset{⏟}{[\begin{array}{l} 1 & 0 & δ \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{array}]}} x_{k} + \underset{B}{\underset{⏟}{[\begin{array}{l} 0 & 0 \\ δ & 0 \\ 0 & δ \end{array}]}} u_{k} + w_{k},

where

x_{k} = {[p^{x} (k), p^{y} (k), v^{x} (k)]}^{T}

u_{k} = {[v^{y} (k), a^{x} (k)]}^{T}

, and δ is the sampling period. The working space is

X = {z \in R^{3} ∣ {[0, - 5, - 3]}^{T} \leq z \leq {[120,5,3]}^{T}}

, the control constraint set is

U = {z \in R^{2} ∣ {[- 1, - 1]}^{T} \leq z \leq {[1,1]}^{T}}

, the disturbance set is

W = {z \in R^{3} ∣ {[- 0.05, - 0.05, - 0.05]}^{T} \leq z \leq {[0.05,0.05,0.05]}^{T}}

, and the target region is

S_{μ_{1}} = {z \in R^{2} ∣ {[115, - 5,0.5]}^{T} \leq z \leq {[120,0,0.5]}^{T}}

We use $S_{μ_{2}} = {z \in R^{3} ∣ {[45, - 5, - \infty]}^{T} \leq z \leq {[50,0, \infty]}^{T}}$ to denote the state set that contains the occupancy of Veh₂. We describe the dynamics of the vehicle Veh₃ as

{\bar{x}}_{k + 1} = \underset{\bar{A}}{\underset{⏟}{[\begin{array}{l} 1 & 0 \\ 0 & 1 \end{array}]}} x_{k} + \underset{\bar{B}}{\underset{⏟}{[\begin{array}{l} δ & 0 \\ 0 & δ \end{array}]}} {\bar{u}}_{k},

where

x_{k} = {[{\bar{p}}^{x} (k), {\bar{p}}^{y} (k)]}^{T}

{\bar{u}}_{k} = {[{\bar{v}}^{x} (k), {\bar{v}}^{y} (k)]}^{T}

, We assume that it moves at a constant velocity

{\bar{u}}_{k} = {[{\bar{v}}^{x}, 0]}^{T}

. The initial state of Veh₃ is

{\bar{x}}_{0} = {[{\bar{p}}_{i n i}^{x}, 2.5]}^{T}

. Then, we have that its position of x-axis is

{\bar{p}}_{k}^{x} = {\bar{p}}_{i n i}^{x} + δ \times (k - 1) \times {\bar{v}}^{x}

To formulate the overtaking task, we define the following three sets as shown in Figure 10: $S_{μ_{3}} = {z \in R^{3} ∣ {[0, - 5, - 3]}^{T} \leq z \leq {[35,0,3]}^{T}}$ , $S_{μ_{4}} = {z \in R^{3} ∣ {[35, - 5, - 3]}^{T} \leq z \leq {[60,5,3]}^{T}}$ , and $S_{μ_{5}} = {z \in R^{3} ∣ {[60, - 5, - 3]}^{T} \leq z \leq {[120,0,3]}^{T}}$ .

Let us choose the sampling period as δ = 0.2s(seconds). To respect the time constraint and the input constraint for Veh₁, we consider two possible solutions to the previous reachability problem: (1) fast overtaking: overtake Veh₂ before Veh₃ passes Veh₂; (2) slow overtaking: wait until Veh₃ passes Veh₂ and then overtake Veh₂. The fast overtaking can be encoded into an STL formula:

\begin{array}{l} φ_{f a s t_o v e r t a k e} = μ_{3} U_{[0,16]} μ_{4} \land (μ_{3} \lor μ_{4}) U_{[0,30]} μ_{5} \\ \land (μ_{3} \lor μ_{4} \lor μ_{5}) U_{[0,80]} G_{[0,2]} μ_{1} \land G_{[0,80]} \neg (μ_{2} \lor μ_{6}), \end{array}

where $S_{μ_{6}} = {z \in R^{6} ∣ {[{\bar{p}}^{x} (16), 0, - \infty]}^{T} \leq z \leq {[{\bar{p}}^{x} (0), 5, \infty]}^{T}}$ . Note that $S_{μ_{6}}$ denotes the reachable set for the vehicle Veh₃ within the time interval [0,16] seconds and 16 (that corresponds to the sampling index k = 80) is the maximal time instant that the vehicle Veh₁ can reach the set $S_{μ_{5}}$ in the sprit of φ₁. Using Algorithm 1, one can construct the tTLT $T_{φ_{f a s t_o v e r t a k e}}$ (see Figure 11), where

\begin{array}{l} X_{6} (t_{k}) = R^{M} (X, S_{μ_{4}}, S_{μ_{3}}, [0,16], k), \\ X_{7} (t_{k}) = R^{M} (X, S_{μ_{5}}, S_{μ_{3}} \cup S_{μ_{4}}, [0,30], k), \\ X_{8} (t_{k}) = \bar{R^{m} (X, \bar{S_{μ_{1}}}, [0,2], k)}, \\ X_{4} (t_{k}) = X_{6} (t_{k}) \cap X_{7} (t_{k}), \\ X_{5} (t_{k}) = R^{M} (X, X_{8} (t_{0}), S_{μ_{3}} \cup S_{μ_{4}} \cap S_{μ_{5}}, [0,80], k), \\ X_{2} (t_{k}) = X_{4} (t_{k}) \cap X_{5} (t_{k}), \\ X_{3} (t_{k}) = \bar{R^{m} (X, S_{μ_{2}} \cap S_{μ_{6}}, [0,80], k)}, a n d \\ X_{1} (t_{k}) = X_{2} (t_{k}) \cup X_{3} (t_{k}) . \end{array}

Figure 11.

The constructed tTLT $T_{φ fast_overtake}$ .

The slow overtaking can be encoded into an STL formula

\begin{array}{l} φ_{s l o w_o v e r t a k e} = μ_{3} U_{[16,32]} μ_{4} \land (μ_{3} \lor μ_{4}) U_{[0,45]} μ_{5} \\ \land (μ_{3} \lor μ_{4} \lor μ_{5}) U_{[0,80]} G_{[0,2]} μ_{1} \land G_{[0,80]} \neg (μ_{2} \lor μ_{7}) \end{array}

where

S_{μ_{7}} = {z \in R^{2} ∣ {[- \infty, 0, - \infty]}^{T} \leq z \leq {[{\bar{p}}^{x} (16), 5, \infty]}^{T}}

. Note that

S_{μ_{7}}

denotes the reachable set for the vehicle Veh₃ within the time interval

[16, + \infty)

and 16 (that corresponds to the sampling index k = 80) is the minimal time instant that the vehicle Veh₁ can reach the set

S_{μ_{4}}

in the sprit of φ₂. The tTLT

T_{φ_{s l o w_o v e r t a k e}}

can be constructed similar to

T_{φ_{f a s t_o v e r t a k e}}

In the following, two simulation cases are considered and the online control synthesis algorithm is implemented. In the fast overtaking, we choose the initial position ${\bar{p}}_{i n i}^{x} = 95$ and the moving velocity ${\bar{v}}^{x} = - 2$ for the vehicle Veh₃ and the initial position x₀ = [0.5,−2.5,2]^T for Veh₁. One can verify that the specification φ_{slow_overtake} is infeasible in this case. Figure 12(a) shows the position trajectories, from which we can see that the whole specification is fulfilled. The blue region denotes the set $S_{μ_{6}}$ . Figure 12(b) shows the velocity trajectory of v^x and Figure 12(c) and (d) show the corresponding control inputs, where the dashed lines denote the control bounds. The cyan regions represent the synthesized control sets and the blue lines are the control trajectories. In the slow overtaking, we choose the initial position ${\bar{p}}_{i n i}^{x} = 80$ and the moving velocity ${\bar{v}}^{x} = - 3$ for the vehicle Veh₃ and the same initial position x₀ = [0.5,−2.5]^T for Veh₁. In this case one can verify that φ_{fast_overtake} is infeasible. Figure 13(a) shows the position trajectories, from which we can see that the whole specification is fulfilled. The blue region denotes the intersection between the set X and the set $S_{μ_{7}}$ . Figure 13(b) shows the velocity trajectory of v^x and Figure 13(c) and (d) show the corresponding control input trajectories of a^x and v^y.

Figure 12.

Trajectories for one realization of disturbance signal in the fast overtaking: (a) position trajectory; (b) velocity trajectory of x-axis; (c) control trajectory of x-axis; (d) control trajectory of y-axis.

Figure 13.

Trajectories for one realization of disturbance signal in the slow overtaking: (a) position trajectory; (b) velocity trajectory of x-axis; (c) control trajectory of x-axis; (d) control trajectory of y-axis.

To highlight the effect of disturbances, we compare the trajectories with and without disturbances in the fast overtaking, which are shown in Figure 14(a)–(e). In Figure 14(a), we show the evolution of the x-axis position along the time. We use k₁, k₂, and k₃ (or $k_{1}^{'}$ , $k_{2}^{'}$ , and $k_{3}^{'}$ ) to denote the minimal time instants that Veh₁ reaches the sets $S_{μ_{4}}$ , $S_{μ_{5}}$ , and $S_{μ_{1}}$ for the noisy scenario (or for the deterministic scenario). We can see that the disturbances slightly delay the reaching time, while both two position trajectories satisfy the time intervals encoded in φ₁. The differences of the velocity trajectory of v^x and the corresponding control input trajectories of a^x and v^y are highlighted in Figure 13(c)–(d), respectively. The disturance realizations of w_k are shown in Figure 13(e). In the deterministic scenario, the controller is aggressive in the sense that the velocity can actively reach the maximum velocity. As a comparison, the controller in the noisy scenario is more cautious in the sense that some gaps always exist between the actual velocity and the maximum velocity. In order to reject the disturbance, more frequent changing of the control inputs occurs in the noisy scenario. Similar observations are applied to the slow overtaking, whose comparisons are shown in Figure 15. Furthermore, in order to show the robustness, we run 100 realizations of the disturbance trajectories in the fast overtaking and in the slow overtaking, respectively. The position trajectories for such 100 realizations of two cases are shown in Figure 16.

Figure 14.

Comparison of robust control with noise and deterministic control without disturbance signal in the fast overtaking: (a) position-time trajectory; (b) velocity trajectory of x-axis; (c) control trajectory of x-axis; (d) control trajectory of y-axis; (e) disturbance signals.

Figure 15.

Comparison of robust control with noise and deterministic control without disturbance signal in the ast overtaking in the slow overtaking: (a) position-time trajectory; (b) velocity trajectory of x-axis; (c) control trajectory of x-axis; (d) control trajectory of y-axis; (e) disturbance signals.

Figure 16.

Position trajectories for 100 realizations of disturbance signals. (a) Position trajectories for 100 realizations of disturbance signals in the fast overtaking. (b) Position trajectories for 100 realizations of disturbance signals in the slow overtaking.

Finally, we report the computation time of this example, which was run in Matlab R2016a with MPT toolbox (Herceg et al., 2013) on a Dell laptop with Windows 7, Intel i7-6600U CPU 2.80 GHz and 16.0 GB RAM. We perform reachability analysis for constructing the tTLT offline, which takes 59.10 s. For online control synthesis, the minimal computation time at a single time step over 100 realizations is 0.23 s, while the maximal computation time is 1.07 s. The average time of each time step is 0.31 s. We remark that the mixed-integer formulation is difficult to implement in this example. This is because the computational complexity of mixed-integer programming grows exponentially with the horizon of the STL formula, which in this example reaches up to 400 sampling instants, much longer than the horizons considered in the simulation examples of Raman et al. (2015, 2014); Sadraddini and Belta (2015).

6.2. Motion planning example

In this section, we consider the motion planning of a mobile robot in an environment, as shown in Figure 17, under a group of STL specifications with growing complexity. We describe the underlying continuous dynamics of the automated vehicle as:

f (x, u, w) = [\begin{array}{l} {\dot{p}}^{x} \\ {\dot{p}}^{y} \\ \dot{θ} \end{array}] = [\begin{array}{l} v \cos θ \\ v \sin θ \\ σ \end{array}] + w,

where

x = {[p^{x}, p^{y}, θ]}^{T}

is the vehicle’s x position, y position, and heading, respectively. The control input is u = [v,σ]^T, where v is the vehicle’s velocity and σ is the angular velocity. The working space is

X = {z \in R^{3} ∣ {[- 5, - 5, - π]}^{T} \leq z \leq {[- 5,5, π]}^{T}}

, the control set is

U = {z \in R^{2} ∣ {[- 0.5, - π / 5]}^{T} \leq z \leq {[0.5, π / 5]}^{T}}

, and the disturbance set is

W = {z \in R^{3} ∣ {[- 0.1, - 0.1, - 0.1]}^{T} \leq z \leq {[0.1,0.1,0.1]}^{T}}

. For constructing the tTLT, we discretize the above dynamics using a simple zero-order hold estimation. Let Δ be the sampling period, then we describe the discrete dynamics of the automated vehicle as

x_{k + 1} = x_{k} + f (x_{k}, u_{k}, w_{k}) Δ .

We set Δ = 0.05s.

We consider the following five STL formulas φ_i, i = 1, …, 5, as defined in equations (10a)–(10e). These five formulas have increasing complexity, e.g., longer horizon and more operators. We report the computation time of this example, which was run in Matlab R2022b with the Level Set Method Toolbox (Mitchell and Templeton, 2005). The offline computation time for constructing the tTLT and the online computation time for synthesizing the controller are summarized in Table 2. As expected, the offline computation time typically increases with respect to the complexity of STL formulas. Note that the formulas φ₃ and φ₄ have the same computation time (134.49 s) since the computation of reachable sets for ϕ₃ can be directly reused to construct the tTLT of ϕ₄, despite that ϕ₄ looks more complex than ϕ₃. On the other hand, the online computation for control synthesis, measured by the computation time per time step, is very efficient for all the formulas. The position trajectories are plotted in Figure 18, where the initial position is indicated by the star and the end position is the circle. The time information over the trajectories is illustrated by the color map.

φ_{1} = (μ_{0} \land \neg (μ_{1} \lor μ_{2} \lor μ_{3})) U_{[0,30]} G_{[0,2]} μ_{4}

(10a)

φ_{2} = ϕ_{21} \land ϕ_{22}

(10b)

\begin{array}{l} ϕ_{21} = (μ_{0} \land \neg (μ_{1} \lor μ_{2} \lor μ_{3} \lor μ_{4} \lor μ_{5})) U_{[0,20]} G_{[0,2]} μ_{6} \\ ϕ_{22} = ((μ_{0} \land \neg (μ_{1} \lor μ_{2} \lor μ_{3})) U_{[0,35]} G_{[0,2]} μ_{4}) \\ φ_{3} = (ϕ_{21} \lor ϕ_{31}) \land ϕ_{22} \end{array}

(10c)

\begin{array}{l} ϕ_{31} = (μ_{0} \land \neg (μ_{1} \lor μ_{2} \lor μ_{3} \lor μ_{4} \lor μ_{5})) U_{[0,20]} G_{[0,3]} μ_{7} \\ φ_{4} = (ϕ_{21} \land ϕ_{22} \land ϕ_{41}) \lor (ϕ_{31} \land ϕ_{22} \land ϕ_{42}) \end{array}

(10d)

\begin{array}{l} ϕ_{41} = (μ_{0} \land \neg (μ_{1} \lor μ_{2} \lor μ_{3} \lor μ_{5})) U_{[35,55]} G_{[0,2]} μ_{6} \\ ϕ_{42} = (μ_{0} \land \neg (μ_{1} \lor μ_{2} \lor μ_{3} \lor μ_{5})) U_{[35,55]} G_{[0,3]} μ_{7} \\ φ_{5} = φ_{4} \land ϕ_{51} \end{array}

(10e)

ϕ_{51} = (μ_{0} \land \neg (μ_{1} \lor μ_{2} \lor μ_{3} \lor μ_{5})) U_{[55,75]} G_{[0,2]} μ_{8}

Figure 17.

Scenario illustration: an automated vehicle needs to enter into the parking lot, park in the designated parking spot (blue), and leave the parking lot, while avoiding any collisions.

Table 2.

Computation time under different STL formulas.

STL formula	Offline com. time	Online com. time
STL formula	(tTLT construction)(s)	(Control synthesis)(s)
φ₁ in equation (10a)	71.60	0.0180
φ₂ in equation (10b)	82.70	0.0178
φ₃ in equation (10c)	134.49	0.0193
φ₄ in equation (10d)	134.49	0.0159
φ₅ in equation (10e)	187.81	0.0164

Figure 18.

The position trajectories that fulfill the STL formulas φ_i, i = 1, …, 5. The time information is indicated using different colors. (a) A position trajectory that fulfill φ₁ (b) a position trajectory that fulfills φ₂ (c) two position trajectories that fulfills φ₃ (d) two position trajectories that fulfills φ₄ (e) two position trajectories that fulfills φ₅.

7. Car parking experiment

In this section, we consider a car parking example. This example will specify a parking task as an STL formula and then show how our algorithms perform on real hardware. We will first perform reachability analysis for constructing the tTLT offline and then we use the tTLT to synthesize a parking controller for the Small-Vehicles-for-Autonomoy (SVEA) platform (Jiang et al., 2022).

As shown in Figure 19, we consider a scenario where an automated vehicle must enter the parking lot $S_{μ_{1}}$ , park in the designated parking spot $S_{μ_{2}}$ , and leave the parking lot through the exit $S_{μ_{4}}$ , where each step of the scenario has a specific deadline. Additionally, throughout the scenario, the vehicle must stay safe and avoid collisions with the parking lot walls and parked vehicles $S_{μ_{3}}$ .

Figure 19.

Scenario illustration: an automated vehicle needs to enter into the parking lot, park in the designated parking spot (blue), and leave the parking lot, while avoiding any collisions.

We describe the underlying continuous dynamics of the automated vehicle as:

f (x, u, w) = [\begin{array}{l} {\dot{p}}^{x} \\ {\dot{p}}^{y} \\ \dot{θ} \\ \dot{v} \end{array}] = [\begin{array}{c} v \cos θ \\ v \sin θ \\ \frac{v \tan δ}{L} \\ a \end{array}] + w

(11)

where

x = {[p^{x}, p^{y}, θ, v]}^{T}

is the vehicle’s x position, y position, heading, and velocity, respectively. u = [δ,a]^T is the vehicle’s steering and acceleration inputs. The working space is

X = {z \in R^{4} ∣ {[- 2, - 3, - π, - 0.6]}^{T} \leq z \leq {[2,2, π, 0.6]}^{T}}

, the control set is

U = {z \in R^{2} ∣ {[- π / 5, - 0.5]}^{T} \leq z \leq {[π / 5,0.5]}^{T}}

, and the disturbance set is

W = {z \in R^{4} ∣ {[- 0.01, - 0.01, - π / 72, - 0.01]}^{T} \leq z \leq {[0.01,0.01, π / 72,0.01]}^{T}}

. For constructing the tTLT, we discretize (11) using a simple zero-order hold estimation. Let δ be the sampling period, then we describe the discrete dynamics of the automated vehicle as

x_{k + 1} = x_{k} + f (x_{k}, u_{k}, w_{k}) Δ

For the parking task, we set Δ = 0.05s. We define the state sets in Figure 19 as $S_{μ_{1}} = {z \in R^{4} ∣ {[- 2, - 3, - π, - 0.6]}^{T} \leq z \leq {[2,0, π, 0.6]}^{T}}$ , $S_{μ_{2}} = {z \in R^{4} ∣ {[1.3, - 2, - π, - 0.6]}^{T} \leq z \leq {[2, - 1.5, π, 0.6]}^{T}}$ , $S_{μ_{4}} = {z \in R^{4} ∣ {[0.5,0, - π, - 0.6]}^{T} \leq z \leq {[1,1, π, 0.6]}^{T}}$ , and $S_{μ_{3}} = S_{μ_{3,1}} \cup S_{μ_{3,2}} \cup S_{μ_{3,3}}$ , where $S_{μ_{3,1}} = {z \in R^{4} ∣ {[- 2, - 3, - π, - 0.6]}^{T} \leq z \leq {[- 1.3,0, π, 0.6]}^{T}}$ , $S_{μ_{3,1}} = {z \in R^{4} ∣ {[- 2, - 3, - π, - 0.6]}^{T} \leq z \leq {[- 1.3,0, π, 0.6]}^{T}}$ , $S_{μ_{3,3}} = {z \in R^{4} ∣ {[1.3, - 3, - π, - 0.6]}^{T} \leq z \leq {[2, - 2, π, 0.6]}^{T}}$ .

We let the full scenario be 60 s long and specify that the vehicle needs to enter the parking lot, park in the designated spot, and leave the parking lot within 10 s, 40 s, and 60 s, respectively. Then, this parking task can be encoded into the following STL formula:

\begin{array}{l} φ_{p a r k i n g} = G_{[0,60]} \neg μ_{3} \land F_{[0,10]} G_{[0,30]} μ_{1} \land F_{[10,40]} μ_{2} \\ \land F_{[40,60]} μ_{4} \end{array}

First, we use Algorithm 1 to construct the corresponding tTLT $T_{φ_{p a r k i n g}}$ (see Figure 20), where the tube nodes $X_{i}, i = 1, \dots, 8$ are computed in a bottom-up manner as in the previous example. Then, we implement the online control synthesis algorithm (Algorithm 5) on a SVEA vehicle using $T_{φ_{p a r k i n g}}$ . For choosing a control policy within the constraints of the synthesized control sets, we apply the same approach as described in Section IV.C of Jiang et al. (2020).

Figure 20.

The constructed tTLT $T_{φ_{p a r k i n g}}$ .

For our evaluation, we initialize the SVEA vehicle with the initial state of x₀ = [1, 1.75, − π, 0]. At this initial state, φ₃ is robustly satisfiable. Figure 21 shows the position trajectory, where one can see that the specification is fulfilled. In Figure 22, we show the control input trajectories for acceleration and steering. We use k₁, k₂, k₃ to denote the minimal time instants that the automated vehicle reaches sets $S_{μ_{1}}$ , $S_{μ_{2}}$ , and $S_{μ_{4}}$ . Using the synthesized controller, the SVEA vehicle realized k₁ = 8.0, k₂ = 18.7, and k₃ = 48.7, as illustrated in both Figures 21 and 22, confirming the satisfaction of φ_parking. For our evaluation, we initialize the SVEA vehicle with the initial state of x₀ = [1, 1.75, − π, 0]. At this initial state, φ₃ is robustly satisfiable. Figure 21 shows the position trajectory, where one can see that the specification is fulfilled. In Figure 22, we show the control input trajectories for acceleration and steering. We use k₁, k₂, k₃ to denote the minimal time instants that the automated vehicle reaches sets $S_{μ_{1}}$ , $S_{μ_{2}}$ , and $S_{μ_{4}}$ . Using the synthesized controller, the SVEA vehicle realized k₁ = 8.0, k₂ = 18.7, and k = 48.7, as illustrated in both Figures 21 and 22, confirming the satisfaction of φ_parking.

Figure 21.

The position trajectory of a SVEA vehicle performing the parking task φ_parking.

Figure 22.

The velocity and heading trajectories in response to the acceleration and steering inputs throughout the parking task φ_parking.

Finally, we report the computation time of this example, which was run in Matlab R2022b with the Level Set Method Toolbox (Mitchell and Templeton, 2005). We perform reachability analysis for constructing the tTLT offline on a Dell laptop with Ubuntu 20.04, Intel i7-4600U CPU 2.10 GHz and 8.0 GB RAM, which takes 2371.81 s. We note that the offline computation time for constructing the tTLT can be significantly reduced by using the python implementation (Bui et al., 2022). Throughout the parking task, we perform the online control synthesis on an NVIDIA Jetson TX2 embedded computer onboard the SVEA vehicle. The average time step of the online control synthesis is 0.001 s. A video demonstration of this experiment can be found at https://bit.ly/STL-TLT.

8. Conclusion

A novel approach for the online control synthesis of uncertain discrete-time systems under STL specifications was proposed in this paper. First, a real-time version of STL semantics and a notion of tTLT were introduced. Then the formal semantic connection between an STL formula and its corresponding tTLT was derived, i.e., a trajectory satisfying a tTLT also satisfies the corresponding STL formula. Finally, an online control synthesis algorithm was designed for the uncertain systems based on the connection between STL and tTLT. For the fragment of STL formulas under consideration, the soundness of the algorithm was proven. In the future, the control synthesis for multi-agent systems under local and/or global STL specifications is of interest.

Footnotes

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: This work was supported by the Vetenskapsrådet (Distinguished Professor Grant 2017-01078 and International Postdoc Grant 2021-06727), Knut and Alice Wallenberg Foundation (Wallenberg Scholar Grant and Wallenberg Academy Fellow), the ERC COG LEAFHOUND (Grant agreement ID: 864720), and the ERC ADG FUN2MODEL (Grant agreement ID: 834115) and H2020 European Research Council under grant CoG LEAFHOUND.

ORCID iDs

Pian Yu

Frank J. Jiang

References

Allen

Clark

Starek

, et al. (2014) A machine learning approach for real-time reachability analysis In: Proceedings of IEEE/RSJ international conference on intelligent robots and systems, Chicago, IL, 14-18 September 2014, pp. 2202–2208.

Althoff

(2015) An introduction to CORA 2015. In: Proceedings of the workshop on applied verification for continuous and hybrid systems. pp. 120–151.

Alur

Feder

Henzinger

(1996) The benefits of relaxing punctuality. Journal of the ACM 43(1): 116–146.

Baier

Katoen

(2008) Principles of Model Checking. Cambridge, MA: MIT press.

Baillieul

Samad

(2021) Encyclopedia of Systems and Control. Berlin: Springer.

Bansal

Tomlin

(2021) Deepreach: a deep learning approach to high-dimensional reachability. In: Proceedings of IEEE international conference on robotics and automation, pp. 1817–1824.

Barbosa

Duberg

Jensfelt

, et al. (2019) Guiding autonomous exploration with signal temporal logic. IEEE Robotics and Automation Letters 4(4): 3332–3339.

Belta

Bicchi

Egerstedt

, et al. (2007) Symbolic planning and control of robot motion [grand challenges of robotics]. IEEE Robotics and Automation Magazine 14(1): 61–70.

Belta

Yordanov

Gol

(2017) Formal Methods for Discrete-time Dynamical Systems. Berlin: Springer, 89.

10.

Bertsekas

(1972) Infinite time reachability of state-space regions by using feedback control. IEEE Transactions on Automatic Control 17(5): 604–613.

11.

Bui

Giovanis

Chen

, et al. (2022) OptimizedDP: an Eeficient, user-friendly library for optimal control and dynamic programming. arXiv preprint arXiv:2204.05520.

12.

Buyukkocak

Aksaray

Yazcoglu

(2021) Planning of heterogeneous multi-agent systems under signal temporal logic specifications with integral predicates. IEEE Robotics and Automation Letters 6(2): 1375–1382.

13.

Buyukkocak

Aksaray

Yazıcıoğlu

(2022) Control barrier functions with actuation constraints under signal temporal logic specifications. In: Proceedings of European control conference, London, 12-15 July 2022.

14.

Chen

Herbert

Vashishtha

, et al. (2018a) Decomposition of reachable sets and tubes for a class of nonlinear systems. IEEE Transactions on Automatic Control 63(11): 3675–3688.

15.

Chen

Tam

Livingston

, et al. (2018b) Signal temporal logic meets Hamilton-Jacobi reachability: connections and applications. In: Proceedings of workshop on algorithmic foundations of robotics, pp. 581–601.

16.

Dokhanchi

Hoxha

Fainekos

(2014) On-line monitoring for temporal logic robustness. In: Proceedings of international conference on runtime verification, pp. 231–246.

17.

Fainekos

Pappas

(2009) Robustness of temporal logic specifications for continuous-time signals. Theoretical Computer Science 410(42): 4262–4291.

18.

Farahani

Majumdar

Prabhu

, et al. (2019) Shrinking horizon model predictive control with signal temporal logic constraints under stochastic disturbances. IEEE Transactions on Automatic Control 64(8): 3324–3331.

19.

Topcu

(2015) Computational methods for stochastic control with metric interval temporal logic specifications. In: Proceedings of 54th IEEE conference on decision and control, Osaka, 15-18 December 2015, pp. 7440–7447.

20.

Gao

Abate

Jiang

, et al. (2022) Temporal logic trees for model checking and control synthesis of uncertain discrete-time systems. IEEE Transactions on Automatic Control 67(10): 5071–5086.

21.

Gastin

Oddoux

(2001) Fast LTL to Büchi automata translation. In: Proceedings of international conference on computer aided verification, Berlin. Springer, pp. 53–65.

22.

Gilpin

Kurtz

Lin

(2021) A smooth robustness measure of signal temporal logic for symbolic control. IEEE Control Systems Letters 5(1): 241–246.

23.

Hamilton

Robinette

Johnson

(2022) Training agents to satisfy timed and untimed signal temporal logic specifications with reinforcement learning. International conference on software engineering and formal methods. Springer, pp. 190–206.

24.

Hashimoto

Takai

(2022) Stl2vec: signal temporal logic embeddings for control synthesis with recurrent neural networks. IEEE Robotics and Automation Letters 7(2): 5246–5253.

25.

Herceg

Kvasnica

Jones

, et al. (2013) Multi-parametric toolbox 3.0. In: Proceedings of European control conference, Zurich, 17-19 July 2013, pp. 502–510.

26.

Ilyes

Sunberg

, et al. (2022) Automaton-guided control synthesis for signal temporal logic specifications. In: 2022 IEEE 61st conference on decision and control (CDC), pp. 3243–3249.

27.

Jiang

Gao

Xie

, et al. (2020) Ensuring safety for vehicle parking tasks using Hamilton-Jacobi reachability analysis. In: Proceedings of 59th IEEE conference on decision and control, Jeju, 14-18 December 2020, pp. 1416–1421. DOI: 10.1109/CDC42340.2020.9304186.

28.

Jiang

Al-Janabi

Bolin

, et al. (2022) SVEA: an experimental testbed for evaluating V2X use-cases. In: Proceedings of IEEE 25th international conference on intelligent transportation systems, Macau, 08-12 October 2022, pp. 3484–3489. DOI: 10.1109/ITSC55140.2022.9922544.

29.

Kantaros

Zavlanos

(2019) Sampling-based optimal control synthesis for multirobot systems under global temporal tasks. IEEE Transactions on Automatic Control 64(5): 1916–1931.

30.

Kapoor

Balakrishnan

Deshmukh

(2020) Model-based Reinforcement Learning from Signal Temporal Logic Specifications. arXiv preprint arXiv:2011.04950.

31.

Karlsson

Barbosa

Tumova

(2020) Sampling-based motion planning with temporal logic missions and spatial preferences. IFAC-PapersOnLine 53(2): 15537–15543.

32.

Kochdumper

Bak

(2023) Fully Automated Verification of Linear Time-Invariant Systems against Signal Temporal Logic Specifications via Reachability Analysis. arXiv preprint arXiv:2306.04089.

33.

Koymans

(1990) Specifying real-time properties with metric temporal logic. Real-Time Systems 2(4): 255–299.

34.

Kress-Gazit

Lahijanian

Raman

(2018) Synthesis for robots: guarantees and feedback for robot behavior. Annual Review of Control, Robotics, and Autonomous Systems 1: 211–236.

35.

Kurtz

Lin

(2022) Mixed-integer programming for signal temporal logic with fewer binary variables. IEEE Control Systems Letters 6: 2635–2640.

36.

Kurzhanski

Pravin

(2014) Dynamics and Control of Trajectory Tubes: Theory and Computation. Berlin: Springer.

37.

Leung

Pavone

(2022) Semi-supervised trajectory-feedback controller synthesis for signal temporal logic specifications. In: 2022 American Control Conference (ACC). pp. 178–185.

38.

Leung

Aréchiga

Pavone

(2023) Backpropagation through signal temporal logic specifications: infusing logical structure into gradient-based methods. The International Journal of Robotics Research 42(6): 356–370.

39.

Lindemann

Dimarogonas

(2019a) Control barrier functions for signal temporal logic tasks. IEEE Control Systems Letters 3(1): 96–101.

40.

Lindemann

Dimarogonas

(2019b) Feedback control strategies for multi-agent systems under a fragment of signal temporal logic tasks. Automatica 106: 284–293.

41.

Lindemann

Matni

Pappas

(2021a) Stl robustness risk over discrete-time stochastic processes. In: 2021 60th IEEE conference on decision and control (CDC), Austin, TX, 14-17 December 2021, pp. 1329–1335.

42.

Lindemann

Pappas

Dimarogonas

(2022) Reactive and risk-aware control for signal temporal logic. IEEE Transactions on Automatic Control 67(10): 5262–5277.

43.

Liu

Mehdipour

Belta

(2022) Recurrent neural network controllers for signal temporal logic specifications subject to safety constraints. IEEE Control Systems Letters 6: 91–96.

44.

Maler

Nickovic

(2004) Monitoring temporal properties of continuous signals. In: Formal techniques, modelling and analysis of timed and fault-tolerant systems. Berlin: Springer, pp. 152–166.

45.

Mitchell

Templeton

(2005) A toolbox of Hamilton-Jacobi solvers for analysis of nondeterministic continuous and hybrid systems. In: Proceedings of international workshop on hybrid systems: computation and control, pp. 480–494.

46.

Murgovski

Sjöberg

(2015) Predictive cruise control with autonomous overtaking. In Proceedings of 54th IEEE conference on decision and control, pp. 644–649.

47.

Raman

Donzé

Maasoumy

, et al. (2014) Model predictive control with signal temporal logic specifications. In: Proceedings of 53rd IEEE conference on decision and control, Los Angeles, CA, 15-17 December 2014, pp. 81–87.

48.

Raman

Donzé

Sadigh

, et al. (2015) Reactive synthesis from signal temporal logic specifications. In: Proceedings of the 18th international conference on hybrid systems: computation and control, pp. 239–248.

49.

Roehm

Oehlerking

Heinz

, et al. (2016) Stl model checking of continuous and hybrid systems. In: Automated technology for verification and analysis: 14th international symposium, ATVA 2016, Chiba, October 17-20, 2016, Proceedings vol. 14. pp. 412–427.

50.

Sadraddini

Belta

(2015) Robust temporal logic model predictive control. In: Proceedings of 53rd annual Allerton conference on communication, control, and computing (Allerton), Monticello, IL, 29 September 2015 - 02 October 2015, pp. 772–779.

51.

Scher

Sadraddini

Kress-Gazit

(2022) Robustness-based synthesis for stochastic systems under signal temporal logic tasks. In: 2022 IEEE/RSJ international conference on intelligent robots and systems (IROS), Koyoto, 23-27 October 2022, pp. 1269–1275.

52.

Singh

Saha

(2023) Stl-based synthesis of feedback controllers using reinforcement learning. Proceedings of the AAAI Conference on Artificial Intelligence 37: 15118–15126.

53.

Sun

Chen

Mitra

, et al. (2022) Multi-agent motion planning from signal temporal logic specifications. IEEE Robotics and Automation Letters 7(2): 3451–3458.

54.

Takayama

Hashimoto

Ohtsuka

(2023) Signal Temporal Logic Meets Convex-Concave Programming: A Structure-Exploiting Sqp Algorithm for Stl Specifications. arXiv preprint arXiv:2304.01475.

55.

van Huijgevoort

Verhoek

Tóth

, et al. (2023) Direct Data-Driven Signal Temporal Logic Control of Linear Systems. arXiv preprint arXiv:2304.02297.

56.

Vasile

Belta

(2013) Sampling-based temporal logic path planning. In: Proceedings of IEEE/RSJ international conference on intelligent robots and systems, pp. 4817–4822.

57.

Vasile

Raman

Karaman

(2017a) Sampling-based synthesis of maximally-satisfying controllers for temporal logic specifications. In: Proceedings of IEEE/RSJ international conference on intelligent robots and systems, pp. 3840–3847.

58.

Vasile

Raman

Karaman

(2017b) Sampling-based synthesis of maximally-satisfying controllers for temporal logic specifications. In: 2017 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS). pp. 3840–3847.

59.

Venkataraman

Aksaray

Seiler

(2020) Tractable reinforcement learning of signal temporal logic objectives. In: Learning for Dynamics and Control. PMLR, pp. 308–317.

60.

Wolff

Murray

(2016) Optimal control of nonlinear systems with temporal logic specifications. Robotics Research. Berlin: Springer, pp. 21–37.

61.

Yang

Belta

Tron

(2020) Continuous-time signal temporal logic planning with control barrier functions. In: Proceedings of American Control Conference, pp. 4612–4618.

62.

Zhou

Maity

Baras

(2016) Timed automata approach for motion planning using metric interval temporal logic. In: Proceedings of European Control Conference, pp. 690–695.

Online control synthesis for uncertain systems under signal temporal logic specifications

Abstract

Keywords

1. Introduction

1.1. Motivation

1.2. Related work

1.2.1. LTL or MITL control synthesis

1.2.2. STL control synthesis

1.2.2.1. Optimization-based methods

1.2.2.2. Barrier function methods

1.2.2.3. Reachability-based methods

1.2.2.4. Sampling-based/data-driven/learning-based methods

1.2.3. Other related work

1.3. Contributions

1.4. Organization and notations

2. Preliminaries and problem Formulation

2.1. Systems dynamics

2.2. Signal temporal logic

2.3. Reachability operators

2.4. Problem formulation

3. Real-time STL semantics and tube-based temporal logic tree

3.1. Real-time STL semantics

3.2. Tube-based temporal logic tree and its construction

4. Semantic connection between STL and tTLT

5. Online control synthesis

5.1. Definitions and notations

5.2. Online control synthesis

6. Numerical simulations

6.1. Car overtaking example

6.2. Motion planning example

7. Car parking experiment

8. Conclusion

Footnotes

Declaration of conflicting interests

Funding

ORCID iDs

References