Robustness of Temporal Logic Specifications for Finite State Sequences in Metric Spaces

Technical Report MS-CIS-06-05
May, 2006

Georgios E. Fainekos 1 and George J. Pappas 2

1 Department of Computer and Information Science, Univ. of Pennsylvania
fainekos@cis.upenn.edu
2 Department of Electrical and Systems Engineering, Univ. of Pennsylvania
pappasg@ee.upenn.edu

Abstract. In this paper, we consider the robust interpretation of metric temporal logic (MTL) formulas over timed sequences of states. For systems whose states are equipped with nontrivial metrics, such as continuous, hybrid, or general metric transition systems, robustness is not only natural, but also a critical measure of system performance. In this paper, we define robust, multi-valued semantics for MTL formulas, which capture not only the usual Boolean satisfiability of the formula, but also topological information regarding the distance, ε, from unsatisfiability. We prove that any other timed trace which remains ε-close to the initial one also satisfies the same MTL specification with the usual Boolean semantics. We derive a computational procedure for determining the robustness degree ε of the specification with respect to a given finite timed trace. Our approach can be used for robust system simulation and testing, as well as form the basis for simulation-based verification.

1 Introduction

Model checking [1] has been proven to be a very useful tool for the verification of the properties of software and hardware systems. Such systems can be represented by Boolean models, which are usually finite, and the properties to be verified are stated in modal or temporal logics with the Boolean valued semantics. The tools and methodologies developed for such systems do not naturally extend to systems whose state space is some general metric space, for example linear, nonlinear and hybrid systems. In this case, the model checking problem becomes harder and in most of the cases is undecidable [2].
Therefore, the verification of such systems still relies heavily on methods that involve monitoring and testing [3–6].

Furthermore, general metric transition systems either model physical processes or the interaction between some software and/or hardware system and the continuous physical world. Up to now no formal model exists that can capture accurately the behaviour of such a system – especially if it also exhibits