Robust Linear Temporal Logic

Although it is widely accepted that every system should be robust, in the sense that “small” violations of environment assumptions should lead to “small” violations of system guarantees, it is less clear how to make this intuitive notion of robustness mathematically precise. In this paper, we address the problem of how to specify robustness in temporal logic. Our solution consists of a robust version of the Linear Temporal Logic (LTL) fragment that only contains the always and eventually temporal operators. We denote this new logic by rLTL( , ). Its formulas are syntactically identical to LTL formulas but are endowed with a many-valued semantics that encodes robustness. In particular, the semantics of the rLTL formula φ⇒ ψ is such that a “small” violation of the environment assumption φ is guaranteed to only produce a “small” violation of the system guarantee ψ. In addition, we study the verification and synthesis problems for this logic. Similarly to LTL, we show that: both problems are decidable; the verification problem can be solved in exponential time; the synthesis problem is solvable in doubly exponential time. All the results for rLTL( , ) smoothly extend to full rLTL, the robust version of full LTL. For reasons of space, such extension is not discussed but available in an extended version [21]. 1998 ACM Subject Classification F.4.1 Mathematical Logic, F.1.1 Models of Computation