Metric interval temporal logic

In model checking, the Metric Interval Temporal Logic is a fragment of Metric Temporal Logic. This fragment is often preferred to MTL because some problems that are undecidable for MTL become decidable for MITL.

Definition

A MITL formula is an MTL formula, such that each set of reals used in subscript are intervals, which are not singletons, and whose bounds are either a natural number or are infinite.

Difference from MTL

MTL can express a statement such as the sentence S: "P held exactly ten time units ago". This is impossible in MITL. Instead, MITL can say T: "P held between 9 and 10 time units ago". Since MITL can express T but not S, in a sense, MITL is a restriction of MTL which allows only less precise statements.

Problems that MITL avoids

One reason to want to avoid a statement such as S is that its truth value may change an arbitrary number of times in a single time unit. Indeed, the truth value of this statement may change as many times as the truth value of P changes, and P itself may change an arbitrary number of time in a single time unit.
Let us now consider a system, such as a timed automaton or a signal automaton, which want to know at each instant whether S holds or not. This system should recall everything that occurred in the last 10 time units. As seen above, it means that it must recall an arbitrarily large number of events. This can not be implemented by a system with finite memory and clocks.

Bounded variability

One of the main advantage of MITL is that each operator has the bounded variability property. Example:
Given the statement T defined above. Each time the truth value of T switches from false to true, it remains true for at least one time unit. Proof: At a time t where T becomes true, it means that:

between 9 and 10 time units ago, P was true.
just before time t, P was false.

Hence, P was true exactly 9 time units ago. It follows that, for each, at time, P was true time units ago. Since, at time, T holds.
A system, at each instant, wants to know the value of T. Such a system must recall what occurred during the last ten time units. However, thanks to the bounded variability property, it must recall at most 10 time units when T becomes true. And hence 11 times when T becomes false. Thus this system must recall at most 21 events, and hence can be implemented as a timed automaton or a signal automaton.

Examples

Examples of MITL formulas:

states that the letter appears at least once in each open interval of length 1.
where is the prophecy operator defined as and which states that the first occurrence of in the future is in time unit.
states that holds exactly at each integral time and not anytime else.

Fragments

Safety-MTL_0,∞

The fragment Safety-MTL_0,v is defined as the subset of MITL_0,∞ containing only formulas in positive normal form where the interval of every until operator has an upper bound. For example, the formula which states that each is followed, less than one time unit later, by a, belongs to this logic.

Open and closed MITL

The fragment Open-MTL contains the formula in positive normal form such that:

for each, is open, and
for each, is closed.

The fragment Closed-MITL contains the negation of formulas of Open-MITL.

Flat and Coflat MITL

The fragment Flat-MTL contains the formula in positive normal form such that:

for each, if is unbounded, then is a LTL-formula
for each, if is unbounded, then is a LTL-formula

The fragment Coflat-MITL contains the negation of formulas of Flat-MITL.

Non-strict variant

Given any fragment L, the fragment L^ns is the restriction of L in which only non strict operators are used.

MITL_0,∞ and MITL₀

Given any fragment L, the fragment L_0,∞ is the subset of L where the lower bound of each interval is 0 or the upper bound is infinity. Similarly we denote by L₀ the subset of L such that the lower bound of each interval is 0.

Expressiveness over signals

Over signals, MITL₀ is as expressive as MITL. This can be proven by applying the following rewriting rules to a MITL formula.

is equivalent to .
is equivalent to if.
is equivalent to if.
is equivalent to.

Applying those rewriting rules exponentially increases the size of the formula. Indeed, the numbers and are traditionally written in binary, and those rules should be applied times.

Expressiveness over timed words

Contrary to the case of signals, MITL is strictly more expressive than MITL_0,∞. The rewriting rules given above do not apply in the case of timed words because, in order to rewrite the assumption must be that some event occurs between times 0 and, which is not necessarily the case.

Satisfiability problem

The problem of deciding whether a MITL formula is satisfiable over a signal is EXPSPACE-complete, while satisfiability for MITL_0,∞ is PSPACE-complete.