Multi-Fidelity Temporal Reasoning: A Stratified Logic for Cross-Scale System Specifications

Abstract

We present Stratified Metric Temporal Logic (SMTL), a novel formalism for specifying and verifying the properties of complex cyber–physical systems that exhibit behaviors across multiple temporal and abstraction scales. SMTL extends existing temporal logics by incorporating a stratification operator, enabling the association of temporal properties with specific abstraction levels. This allows for the natural expression of multi-scale requirements while maintaining formal reasoning about inter-level relationships. We formalize the syntax and semantics of SMTL, proving that it strictly subsumes metric temporal logic (MTL) and offers enhanced expressiveness by capturing properties unattainable in existing logics. Numerical simulations comparing agents operating under MTL and SMTL specifications show that SMTL enhances agent coordination and safety, reducing collision rates without substantial computational overhead or compromising path efficiency. These findings highlight SMTL’s potential as a valuable tool for designing and verifying complex multi-agent systems operating across diverse temporal and abstraction scales.

1. Introduction

Cyber–physical systems (CPS) exhibit behaviors across multiple temporal and abstraction scales, from millisecond-level control loops to hour-long mission objectives. While temporal logics have proven invaluable for specifying and verifying system properties [1], existing formalisms such as metric temporal logic (MTL) and signal temporal logic (STL) struggle to efficiently capture and reason about such multi-scale behaviors. This limitation becomes particularly acute in systems such as autonomous vehicles, where safety properties must be simultaneously maintained at the level of individual actuators, trajectory planning, and mission execution.

Existing temporal logics enforce a uniform treatment of time, requiring specifications to operate at the finest required temporal granularity [2]. Consider an autonomous drone delivery system: at the lowest level, motor control requires millisecond-precision timing; at the intermediate level, trajectory following operates on a timescale of seconds; and at the highest level, delivery scheduling involves minutes or hours. Expressing all of these requirements in MTL or STL requires reasoning on a millisecond scale throughout, leading to unnecessary complexity and computational overhead. The key challenge lies in the lack of formal mechanisms for stratifying temporal properties across different abstraction levels while maintaining sound logical relationships between these levels. Existing approaches typically handle multi-scale properties through informal decomposition or through separate specifications at different levels, losing the ability to reason formally about inter-level dependencies.

1.1. Paper Contributions

This paper introduces SMTL, an extension of traditional temporal logics incorporating a stratification operator to enable multi-scale temporal specification. The key contributions are as follows:

• We formalize the syntax and semantics of SMTL, proving that it strictly subsumes MTL and offers enhanced expressiveness by capturing properties unattainable in existing logics.
• We analyze the decidability and computational complexity of SMTL model checking, identifying decidable fragments with complexities comparable to MTL for bounded-time properties
• Through case studies and numerical simulations, we demonstrate SMTL’s practical utility in specifying multi-scale requirements and improving verification efficiency, enhancing agent coordination and safety.

The practical utility of SMTL is demonstrated through case studies, where we show how SMTL specifications naturally capture requirements that span multiple time scales while allowing more efficient verification compared to traditional approaches.

1.2. Related Work

Various temporal logics have been developed to specify and reason about temporal properties in CPS and control systems. STL and MTL are prominent examples that extend LTL to handle real-valued signals and timing constraints [3]. Probabilistic STL (PrSTL) extends STL with probabilistic operators to reason about stochastic CPS [4]. Truncated linear temporal logic (LTL) is a variant of LTL interpreted over finite traces and has been used to specify complex rules for RL agents. Robustness TL (RobTL) is a logic for specifying distances between CPS behaviors over a finite time horizon [5]. The use of temporal logics such as computation tree logic (CTL) and LTL provided a foundation for expressing desired behaviors in multi-agent systems [6,7,8,9,10,11].

SMTL builds upon the foundations of MTL to address the complexities of agent coordination and collision avoidance. MTL extends LTL by incorporating quantitative temporal constraints, enabling the specification of properties over real-time systems. While MTL has been used for specifying timing constraints and verifying system behaviors, it lacks mechanisms to prioritize different types of constraints, which is important in multi-agent coordination where safety and goal achievement may conflict. SMTL is a response to this limitation that introduces a stratification of temporal constraints, allowing agents to prioritize safety and coordination over individual objectives. The stratification concept aligns with the hierarchical organization of specifications, where higher-priority constraints must be satisfied before considering lower-priority ones. This approach is particularly relevant in multi-agent systems, where agents operate concurrently and interactions can lead to emergent behaviors.

Previous efforts have explored the use of hierarchical and prioritized logics in multi-agent planning and verification. For instance, ref. [12] developed TLA as a framework for reasoning about concurrent systems, with a focus on simplifying temporal logic reasoning. Separately, ref. [13] developed real-time logics to enable quantitative reasoning about timing delays in real-time applications. Research in multi-agent coordination employs various formal methods, including temporal logics, to specify and verify interaction protocols and ensure safe coordination between agents. These methods focus on specifying conventions of social interaction and rules that govern agent behavior in multi-agent systems [14]. Furthermore, research on robot control synthesis has focused on using LTL to specify both safety requirements (describing how the robot should always behave) and liveness specifications (describing goals that must eventually be achieved) [15].

Stratification has been well established in database theory through Stratified Datalog, where it provides a way to handle negation and recursion by organizing rules into strata. This concept has been extended to temporal reasoning through formalisms like DatalogMTL, which incorporates metric temporal operators [16]. In recent years, the application of formal methods in multi-agent pathfinding has gained traction, with work using satisfiability modulo theories (SMTs) and other verification techniques to ensure safe navigation [17]. Sharon et al. developed conflict-based search (CBS) algorithms that decompose multi-agent pathfinding problems into individual agent plans while resolving conflicts iteratively [18]. These methods do not inherently incorporate stratified priorities in their formulations. The introduction of SMTL contributes to this landscape by providing a logical framework that inherently supports priority stratification. By structuring temporal constraints into layers, SMTL facilitates the design of agents that can dynamically adjust their actions based on the priority of constraints, leading to improved coordination and safety in complex environments. Moreover, the integration of SMTL into multi-agent systems aligns with the broader trend of incorporating formal verification into agent-based modeling. The works of Belta et al. on formal methods for control synthesis have emphasized the importance of temporal logic in specifying desired behaviors, although the stratification aspect has remained less explored [19]. An additional dimension relevant to stratified logic is the use of multi-fidelity modeling and verification techniques [20,21,22,23,24]. Multi-fidelity approaches involve employing models of varying levels of detail and accuracy to balance the trade-off between computational efficiency and the precision of system analysis.

The closest work to our approach is multi-type LTL (MLTLM), which focuses on heterogeneous data types (e.g., Boolean, integer, real signals) within a single-level temporal logic framework, enabling us to write and verify properties involving different kinds of signals at once [25]. By contrast, SMTL emphasizes hierarchical or multi-scale abstractions. While MLTLM is about handling various data domains in one logic, SMTL is about cleanly separating and coordinating multiple levels of temporal or system detail in a single formalism.

1.3. Paper Organization

The remainder of this paper is organized as follows. Section 2 provides the necessary background on temporal logics and introduces the mathematical framework for stratified systems. Section 3 presents the formal syntax and semantics of SMTL, including examples that demonstrate its expressiveness. Section 4 develops the theoretical results, proving SMTL’s properties and complexity bounds. Section 5 presents experimental results comparing SMTL and MTL in multi-agent coordination scenarios. Finally, Section 6 concludes with a discussion of our findings and future research directions.

2. Preliminaries

Before introducing SMTL, we review the essential concepts of metric temporal logic and establish the mathematical framework for reasoning about stratified systems. Throughout this paper, we use the notation presented in

Table 1. Symbols and complexity measures used in the formalism.

Symbol	Description
${\Sigma }_k$	Signal space at abstraction level k
$\mathcal{L}\left(\phi \right)$	Language of formula $\phi$
$s{⊑}_k{s}^{\prime }$	State s refines state $s^{\prime }$ at level k
${\vDash }_k$	Satisfaction relation at abstraction level k
$[a,b],(a,b)$,	Intervals with $a,b\in {\mathbb{Q}}_{\ge 0}\cup \{\infty \}$
$[a,b),(a,b]$
$\diamond \phi$	Shorthand for ${\diamond }_{[0,\infty )}\phi$
Complexity Measures
$\left|\phi \right|$	Size of formula $\phi$
$\parallel \mathcal{M}\parallel$	Size of transition system $\mathcal{M}$
K	Maximum abstraction level
$c_{max}$	Maximum constant in timing constraints

.

2.1. Metric Temporal Logic

MTL extends propositional temporal logic with timing constraints on temporal operators. Let $AP$ be a set of atomic propositions and $\mathbb{I}$ be the set of non-empty intervals in ${\mathbb{R}}_{\ge 0}$ with endpoints in ${\mathbb{Q}}_{\ge 0}\cup \{\infty \}$.

Definition 1 

(MTL Syntax). An MTL formula φ is built according to the grammar

$$\phi ::=p\mid \neg \phi \mid {\phi }_1\wedge {\phi }_2\mid {\phi }_1{\mathcal{U}}_I{\phi }_2$$

where $p\in AP$ and $I\in \mathbb{I}$.

Additional temporal operators are defined as the following abbreviations:

$$\begin{array}{ccc}\hfill {\diamond }_I\phi & \triangleq \mathrm{true}{\mathcal{U}}_I\phi \hfill & \hfill \left(\mathrm{eventually}\right)\\ \hfill {\square }_I\phi & \triangleq \neg {\diamond }_I\neg \phi \hfill & \hfill \left(\mathrm{always}\right)\\ \hfill {\phi }_1{\mathcal{R}}_I{\phi }_2& \triangleq \neg (\neg {\phi }_1{\mathcal{U}}_I\neg {\phi }_2)\hfill & \hfill \left(\mathrm{release}\right)\end{array}$$

Definition 2 

(Timed State Sequence). A timed state sequence is a pair $\rho =(\sigma ,\tau )$ where

• $\sigma ={\sigma }_0{\sigma }_1{\sigma }_2\dots$ is an infinite sequence of states ${\sigma }_i\in 2^{AP}$;
• $\tau ={\tau }_0{\tau }_1{\tau }_2\dots$ is an infinite sequence of time stamps ${\tau }_i\in {\mathbb{R}}_{\ge 0}$, with ${\tau }_0=0$ and ${\tau }_i<{\tau }_{i+1}$ for all $i\ge 0$.

Definition 3 

(MTL Semantics). For a timed state sequence $\rho =(\sigma ,\tau )$ and position $i\ge 0$, the satisfaction relation ⊧ is defined inductively:

$$\begin{array}{cc}\hfill (\rho ,i)\vDash p& \iff p\in {\sigma }_i\hfill \\ \hfill (\rho ,i)\vDash \neg \phi & \iff (\rho ,i)⊭\phi \hfill \\ \hfill (\rho ,i)\vDash {\phi }_1\wedge {\phi }_2& \iff (\rho ,i)\vDash {\phi }_{1}and(\rho ,i)\vDash {\phi }_2\hfill \\ \hfill (\rho ,i)\vDash {\phi }_1{\mathcal{U}}_I{\phi }_2& \iff \exists j\ge i:(\rho ,j)\vDash {\phi }_2,{\tau }_j-{\tau }_i\in I,\hfill \\ \hfill & and\forall k,i\le k<j:(\rho ,k)\vDash {\phi }_1\hfill \end{array}$$

2.2. Stratified Systems and Abstraction Hierarchies

We now introduce the mathematical framework for reasoning about systems at multiple abstraction levels.

Definition 4 

(Abstraction Function). An abstraction function $\alpha :S\to S^{\prime }$ maps concrete states to abstract states, where S and $S^{\prime }$ are state spaces. An abstraction hierarchy is a sequence of state spaces and abstraction functions ${\left\{(S_k,{\alpha }_k)\right\}}_{k=1}^K$ where

• $S_k$ is the state space at level k;
• ${\alpha }_k:S_{k-1}\to S_k$ maps states from level $k-1$ to level k.

Definition 5 

(Abstraction Properties). An abstraction hierarchy satisfies the following:

• Monotonicity: For $i<j$, ${\alpha }_j\circ {\alpha }_i={\alpha }_j$.
• Preservation: For any property φ preserved by ${\alpha }_k$, if $s\vDash \phi$, then ${\alpha }_k\left(s\right)\vDash \phi$.
• Refinement: For states $s_1,s_2$, if ${\alpha }_k\left(s_1\right)={\alpha }_k\left(s_2\right)$, then $s_1$ and $s_2$ are equivalent at level k.

Definition 6 

(Temporal Resolution). Each abstraction level k has an associated temporal resolution ${\rho }_k\in {\mathbb{R}}_{>0}$, representing the minimum granularity of time distinguishable at that level. The temporal resolution hierarchy satisfies the following:

$$\forall k<l:{\rho }_k<{\rho }_l$$

3. Syntax and Semantics of SMTL

3.1. Syntax

Definition 7 

(SMTL Syntax). Let $AP$ be a set of atomic propositions and $\mathbb{I}$ be the set of non-empty intervals in ${\mathbb{R}}_{\ge 0}$ with endpoints in ${\mathbb{Q}}_{\ge 0}\cup \{\infty \}$. An SMTL formula φ is built according to the grammar

$$\phi ::=p\mid \neg \phi \mid {\phi }_1\wedge {\phi }_2\mid {\phi }_1{\mathcal{U}}_I{\phi }_2\mid L_k\phi$$

where $p\in AP$ is an atomic proposition, $I\in \mathbb{I}$ is a time interval, $k\in \mathbb{N}$ is an abstraction level, and $L_k$ is the stratification operator for level k.

As in MTL, we define additional temporal operators using the following abbreviations:

$$\begin{array}{cc}\hfill {\diamond }_I\phi & \triangleq \mathrm{true}{\mathcal{U}}_I\phi \hfill \\ \hfill {\square }_I\phi & \triangleq \neg {\diamond }_I\neg \phi \hfill \\ \hfill {\phi }_1{\mathcal{R}}_I{\phi }_2& \triangleq \neg (\neg {\phi }_1{\mathcal{U}}_I\neg {\phi }_2)\hfill \end{array}$$

The stratification operator $L_k$ can be nested, allowing for relationships between abstraction levels:

$$L_i\left(L_j\phi \right)\mathrm{where}i,j\in \mathbb{N}$$

Definition 8 

(Well-Formed SMTL Formula). An SMTL formula φ is well formed if for any nested stratification operators ($L_i$ and $L_j$) appearing in φ, where $L_i$ is within the scope of $L_j$, we have $i\le j$.

3.2. Semantics

The semantics of SMTL is defined over timed state sequences with multiple abstraction levels.

Definition 9 

(Stratified Timed State Sequence). A stratified timed state sequence is a tuple $\rho =({\left\{{\sigma }_k\right\}}_{k=1}^K,\tau )$ where

• ${\sigma }_k={\sigma }_{k,0}{\sigma }_{k,1}{\sigma }_{k,2}\dots$ is an infinite sequence of states at level k, with ${\sigma }_{k,i}\in 2^{AP}$;
• $\tau ={\tau }_0{\tau }_1{\tau }_2\dots$ is an infinite sequence of time stamps with ${\tau }_0=0$ and ${\tau }_i<{\tau }_{i+1}$;
• For each k, consecutive states in ${\sigma }_k$ are separated by at least ${\rho }_k$ time units.

Definition 10 

(Abstraction Consistency). A stratified timed state sequence ρ is abstraction consistent if for all levels $i<j$ and all positions n,

$${\alpha }_j\left({\sigma }_{i,n}\right)={\sigma }_{j,n}$$

where ${\alpha }_j$ is the abstraction function from level i to level j.

Definition 11 

(SMTL Semantics). For a stratified timed state sequence $\rho =({\left\{{\sigma }_k\right\}}_{k=1}^K,\tau )$, position $i\ge 0$, and abstraction level m, the satisfaction relation ${\vDash }_m$ is defined inductively:

$$\begin{array}{cc}\hfill (\rho ,i){\vDash }_{m}p& \iff p\in {\sigma }_{m,i}\hfill \\ \hfill (\rho ,i){\vDash }_m\neg \phi & \iff (\rho ,i){⊭}_m\phi \hfill \\ \hfill (\rho ,i){\vDash }_m{\phi }_1\wedge {\phi }_2& \iff (\rho ,i){\vDash }_m{\phi }_{1}and(\rho ,i){\vDash }_m{\phi }_2\hfill \\ \hfill (\rho ,i){\vDash }_m{\phi }_1{\mathcal{U}}_I{\phi }_2& \iff \exists j\ge i:(\rho ,j){\vDash }_m{\phi }_2,{\tau }_j-{\tau }_i\in I,\hfill \\ & and\forall k,i\le k<j:(\rho ,k){\vDash }_m{\phi }_1\hfill \\ \hfill (\rho ,i){\vDash }_m{L}_k\phi & \iff (\rho ,i){\vDash }_k\phi andk\ge m\hfill \end{array}$$

The semantics of the stratification operator $L_k$ ensures the following:

• Properties at level k are evaluated using the state sequence ${\sigma }_k$;
• The temporal resolution at level k is respected (${\rho }_k$);
• Abstraction consistency is maintained between levels.

3.3. Practical Implications of SMTL Expressiveness

Here, we provide two examples that demonstrate the enhanced expressiveness of SMTL over MTL.

Example 1 

(Multi-Scale System Specification). Consider an autonomous vehicle navigation system operating on multiple time scales. Existing MTL specifications struggle to capture requirements that span different temporal granularities. SMTL naturally expresses such multi-scale requirements through a single coherent formula:

$$\begin{array}{cc}\hfill {\varphi }_{nav}=& L_1{\square }_{[0,0.01]}(\parallel a_{cctual}-a_{commanded}\parallel \le ϵ)\wedge \hfill \\ & L_2{\square }_{[0,1]}(speed>v_{min}\to {\diamond }_{[0,0.5]}\mathit{lane}\_\mathit{centered})\wedge \hfill \\ & L_3{\square }_{[0,60]}(\mathit{destination}\_\mathit{reached}\to {\square }_{[0,5]}\mathit{safely}\_\mathit{parked})\hfill \end{array}$$

This formula simultaneously captures millisecond-level actuator control ($L_1$), second-level trajectory tracking ($L_2$), and minute-level mission objectives ($L_3$). The stratification operator cleanly separates these concerns while maintaining their logical relationships.

Example 2 

(Abstraction in Software Architecture). The expressiveness of SMTL aligns with layered software architectures. Consider a robotic system with a three-tier architecture:

$$\begin{array}{cc}\hfill {\varphi }_{\mathit{arch}}=& L_1(\mathit{functional}\_\mathit{layer}\_\mathit{spec})\wedge \hfill \\ & L_2(\mathit{executive}\_\mathit{layer}\_\mathit{spec})\wedge \hfill \\ & L_3(\mathit{planning}\_\mathit{layer}\_\mathit{spec})\hfill \end{array}$$

where each layer’s specification might involve temporal properties. The crucial advantage of SMTL lies in its ability to express inter-layer dependencies:

$$\begin{array}{cc}\hfill {\varphi }_{\mathit{deps}}=L_2{\square }_{[0,\infty )}& (\mathit{plan}\_\mathit{update}\to \hfill \\ & L_1{\diamond }_{[0,\delta ]}(\mathit{exec}\_\mathit{acknowledge}\wedge \hfill \\ & {\diamond }_{[0,\tau ]}\mathit{functional}\_\mathit{update}\left)\right)\hfill \end{array}$$

This hierarchical specification captures both the independence of different architectural layers and their temporal coupling, a feat impossible in standard MTL.

4. Theoretical Analysis

Theorem 1 

(Stratification Soundness). For any SMTL formula φ and abstraction levels $i<j$,

$$(\rho ,n){\vDash }_i{L}_j\phi \Rightarrow (\rho ,n){\vDash }_j\phi$$

Proof. 

This follows directly from the semantics of $L_k$ and abstraction consistency. When $(\rho ,n){\vDash }_i{L}_j\phi$, the formula $\phi$ is evaluated at level j using ${\sigma }_j$, which, due to abstraction consistency, is a valid abstraction of states at level i. □

Theorem 2 

(Temporal Resolution Hierarchy). For any SMTL formula φ and levels $i<j$,

$$\mathit{If}(\rho ,n){\vDash }_i{\diamond }_{[0,t]}\phi \mathit{then}t\ge {\rho }_i$$

Proof. 

According to the definition of stratified timed state sequences, the states at level i must be separated by at least ${\rho }_i$ time units. Therefore, any temporal property at level i must span at least this duration. □

4.1. Expressiveness of SMTL

We begin by establishing the foundational properties of abstraction functions that underpin the stratified nature of our logic. An abstraction function ${\alpha }_k:\Sigma \to {\Sigma }_k$ maps a concrete signal $\sigma \in \Sigma$ to an abstract signal at abstraction level k, where ${\Sigma }_k$ represents the signal space at level k. These functions form a hierarchy satisfying crucial properties: monotonicity ensures that for $i<j$, ${\alpha }_i\circ {\alpha }_j={\alpha }_i$; consistency guarantees that if $\varphi$ holds for ${\alpha }_i\left(\sigma \right)$, then there exists some higher level $j>i$ where $\varphi$ holds for ${\alpha }_j\left(\sigma \right)$; and the refinement property ensures that distinct signals remain distinguishable at some abstraction level.

Theorem 3 

(Strict Expressiveness). SMTL is strictly more expressive than MTL. This relationship manifests both in SMTL’s ability to express all MTL properties and in its capacity to express properties that are inexpressible in MTL.

Proof. 

The proof proceeds in two parts, first establishing that SMTL subsumes MTL, then demonstrating that SMTL can express properties beyond MTL’s capabilities. To show that SMTL subsumes MTL, we construct a translation function $\tau :\mathrm{MTL}\to \mathrm{SMTL}$ defined inductively on the structure of MTL formulas:

$$\begin{array}{cc}\hfill \tau \left(p\right)& =p\mathrm{for}p\in AP\hfill \\ \hfill \tau (\neg \varphi )& =\neg \tau \left(\varphi \right)\hfill \\ \hfill \tau ({\varphi }_1\wedge {\varphi }_2)& =\tau \left({\varphi }_1\right)\wedge \tau \left({\varphi }_2\right)\hfill \\ \hfill \tau \left({\varphi }_1{\mathcal{U}}_{[a,b]}{\varphi }_2\right)& =\tau \left({\varphi }_1\right){\mathcal{U}}_{[a,b]}\tau \left({\varphi }_2\right)\hfill \end{array}$$

Through structural induction, we prove that for any signal $\sigma$ and time point t, the satisfaction relation preserves equivalence: $(\sigma ,t){\vDash }_{\mathrm{MTL}}\varphi \iff (\sigma ,t){\vDash }_{\mathrm{SMTL}}\tau \left(\varphi \right)$. The base case for atomic propositions follows directly from the definition. For the inductive step, we consider each operator, with particular attention to the metric unit operator:

$$\begin{array}{cc}\hfill (\sigma ,t)& {\vDash }_{\mathrm{MTL}}{\varphi }_1{\mathcal{U}}_{[a,b]}{\varphi }_2\hfill \\ \hfill & \iff \exists t^{\prime }\in [t+a,t+b]:(\sigma ,t^{\prime }){\vDash }_{\mathrm{MTL}}{\varphi }_2\wedge \forall t^{\prime \prime }\in [t,t^{\prime }):(\sigma ,t^{\prime \prime }){\vDash }_{\mathrm{MTL}}{\varphi }_1\hfill \\ \hfill & \iff \exists t^{\prime }\in [t+a,t+b]:(\sigma ,t^{\prime }){\vDash }_{\mathrm{SMTL}}\tau \left({\varphi }_2\right)\wedge \forall t^{\prime \prime }\in [t,t^{\prime }):(\sigma ,t^{\prime \prime }){\vDash }_{\mathrm{SMTL}}\tau \left({\varphi }_1\right)\hfill \\ \hfill & \iff (\sigma ,t){\vDash }_{\mathrm{SMTL}}\tau \left({\varphi }_1\right){\mathcal{U}}_{[a,b]}\tau \left({\varphi }_2\right)\hfill \end{array}$$

To establish SMTL’s strictly greater expressiveness, we construct an SMTL formula that cannot be expressed in MTL. Consider the formula

$$\psi =L_1{\square }_{[0,1]}\left(p\right)\wedge L_2{\diamond }_{[0,2]}(\neg p)$$

We prove its MTL-inexpressibility through a contradiction argument. Let $\Sigma ={\{0,1\}}^{{\mathbb{R}}_{\ge 0}}$ be the set of Boolean signals. Define two signals, ${\sigma }_1$ and ${\sigma }_2$, that differ only at a single point:

$${\sigma }_1\left(t\right)=\left\{\begin{array}{cc}1\hfill & t\in [0,1]\hfill \\ 0\hfill & \mathrm{otherwise}\hfill \end{array}\right.$$

$${\sigma }_2\left(t\right)=\left\{\begin{array}{cc}1\hfill & t\in [0,1]\setminus \left\{0.5\right\}\hfill \\ 0\hfill & \mathrm{otherwise}\hfill \end{array}\right.$$

Define abstraction functions where ${\alpha }_1$ smooths out isolated points while ${\alpha }_2$ maintains the original signal:

$${\alpha }_1\left(\sigma \right)\left(t\right)=\left\{\begin{array}{cc}1\hfill & \mathrm{if}\exists \delta >0:\forall t^{\prime }\in (t-\delta ,t+\delta ),\sigma \left(t^{\prime }\right)=1\hfill \\ 0\hfill & \mathrm{otherwise}\hfill \end{array}\right.$$

$${\alpha }_2=\mathrm{id}$$

In this context, ${\alpha }_2=\mathrm{id}$ means (${\alpha }_2$) is the identity function. The identity function is being used at abstraction level 2 to represent “no abstraction” or “keep all details”. This contrasts with ${\alpha }_1$ which does perform abstraction. Under these definitions, $({\sigma }_1,0){\vDash }_{\mathrm{SMTL}}\psi$, while $({\sigma }_2,0){⊭}_{\mathrm{SMTL}}\psi$. However, any MTL formula $\theta$ must be evaluated equivalently on both signals: $({\sigma }_1,0){\vDash }_{\mathrm{MTL}}\theta \iff ({\sigma }_2,0){\vDash }_{\mathrm{MTL}}\theta$, as MTL cannot distinguish signals that differ at isolated points. This contradiction establishes that no MTL formula can express the property captured by $\psi$. □

Corollary 1 

(Stratification Power). Let ${\mathcal{L}}_{\mathrm{SMTL}}$ be the language of SMTL, and ${\mathcal{L}}_{\mathrm{MTL}}$ be the language of MTL. From Theorem 3, we know that ${\mathcal{L}}_{\mathrm{MTL}}⊊{\mathcal{L}}_{\mathrm{SMTL}}$, which means the following:

• Every MTL formula φ has an equivalent SMTL formula $\tau \left(\phi \right)$.
• There exists at least one formula $\psi \in {\mathcal{L}}_{\mathrm{SMTL}}$ such that $\psi \notin {\mathcal{L}}_{\mathrm{MTL}}$.

Because $\psi$ leverages the stratification operator $L_k$ in a way that cannot be emulated by standard MTL syntax or semantics, the stratification mechanism is strictly more powerful. Hence, the operator $L_k$ effectively extends the expressive frontier of the logic, allowing one to specify behaviors or constraints at multiple abstraction levels that cannot be collapsed into a single, uniform time scale.

Corollary 2 

(Multi-Scale Properties). Consider a CPS model with a hierarchy of time resolutions $\left\{{\rho }_1,{\rho }_2,\dots ,{\rho }_K\right\}$ and corresponding state abstractions ${\left\{{\alpha }_k\right\}}_{k=1}^K$. From Definition 5 (abstraction consistency) and the semantics of $L_k$, if a property ${\varphi }_k$ is designated at level k, then it is evaluated (i) using time steps separated by at least ${\rho }_k$, and (ii) in a state space ${\sigma }_k$ consistent with ${\alpha }_k$. Thus, a single SMTL specification

$$\varphi =\underset{k=1}{\overset{K}{\bigwedge }}{L}_k\left({\varphi }_k\right)$$

can encode requirements ${\varphi }_k$ at multiple time granularities. No purely single-scale temporal logic (MTL/STL) can replicate this multifaceted time-resolution property in a single unified formula without artificially inflating the timescale or losing key abstraction details. As a result, SMTL natively captures multiscale temporal requirements under one logical framework.

Definition 12 

(Bounded-Time SMTL Formula). An SMTL formula $\phi$ is called bounded-time if, for every temporal operator in φ (e.g., ${\mathcal{U}}_I,{\diamond }_I,{\square }_I$), the corresponding time interval I is a subset of $[0,T]$ for some finite $T\in {\mathbb{Q}}_{\ge 0}$. Equivalently, no time interval may be of the form $[a,\infty )$ or $(a,\infty )$.

This definition confines verification to finite time horizons for each temporal operator. By contrast, a lemph{unbounded-time} formula is one that includes at least one interval $[a,\infty )$ or $(a,\infty )$.

Theorem 4 

(SMTL Model-Checking Complexity). Let ϕ be an SMTL formula and $\mathcal{M}$ be a finite-state transition system. Denote as K the maximum abstraction level in ϕ, and as $c_{max}$ the largest integer constant appearing in its temporal intervals. The complexity of checking $\mathcal{M}\vDash \varphi$ satisfies the following:

• (Bounded-Time Case) For formulas with only bounded intervals, the model-checking problem is EXPTIME-complete.
• (Unbounded-Time Case) If ϕ includes at least one unbounded interval, the model-checking problem is 2EXPTIME-complete.

Moreover, the complexity grows polynomially in K.

4.2. Proof Sketch

The bounded-time result (EXPTIME-complete) follows from constructing a region automaton where each clock is bounded by the largest integer constant $c_{max}$ in $\varphi$. Because the transitions and clock valuations remain finite under bounded intervals, the automaton state space can be explored in exponential time with respect to $\parallel \mathcal{M}\parallel$ and $\left|\varphi \right|$. For each abstraction level k, we build an automaton of comparable size, yielding an overall EXPTIME procedure multiplied by a factor polynomial in K. For the unbounded-time case, we note that SMTL strictly generalizes MTL. It is known that model checking unbounded MTL is complete in 2EXPTIME, due to the necessity of handling infinite paths and the resulting exponential blow-ups when automating temporal logic over infinite horizons. We can reduce the unbounded MTL problem to SMTL by embedding an MTL formula ${\varphi }_{\mathrm{MTL}}$ into SMTL (see Theorem 3). Therefore, no asymptotically lower complexity can be applied to an unbounded SMTL, establishing a 2EXPTIME-hard lower bound. Since our upper bound construction also leads to a 2EXPTIME procedure, this completes the 2EXPTIME-completeness result for unbounded-time SMTL formulas.

Corollary 3. 

The 2EXPTIME-hardness for unbounded-time SMTL directly follows from the fact that there exists a linear-time many-to-one reduction from unbounded MTL model checking (itself 2EXPTIME-complete) to SMTL model checking.

In summary, if all intervals are finite, the complexity is contained in EXPTIME, whereas unbounded intervals invoke the 2EXPTIME-complete complexity class. This aligns with classical results on MTL, thus confirming both the bounded- and unbounded-time complexity claims for SMTL.

Corollary 4 

(Incremental Verification). Let $\varphi$ be an SMTL formula with maximum abstraction level K, and let $\mathcal{M}$ be a finite-state transition system. Suppose $\mathcal{M}\vDash \varphi$ has already been verified. Now, consider a new SMTL formula ${\varphi }^{\prime }$ obtained from $\varphi$ by adding or modifying constraints solely at a new level $K+1$. Formally,

$${\varphi }^{\prime }=\varphi \wedge \underset{i\in I}{\bigwedge }{L}_{K+1}\left({\psi }_i\right)$$

where each ${\psi }_i$ is a fresh subformula (or a refinement of existing constraints) that did not previously appear in $\varphi$, and no constraints at levels $\le K$ are altered. Then, to check whether $\mathcal{M}\vDash {\varphi }^{\prime }$, it suffices to carry out the following: 1. Verify the newly introduced subformulas $\left\{{\psi }_i\right\}$ at level $K+1$ within the abstract transition system ${\alpha }_{K+1}\left(\mathcal{M}\right)$. 2. Check the consistency between levels $K+1$ and K, ensuring that ${\sigma }_{K+1,n}$ correctly abstracts to ${\sigma }_{K,n}$ for each state index n, in accordance with Definition 5 (abstraction consistency). Because the properties at the existing levels $1,2,\dots ,K$ remain unchanged—and have already been verified—no further verification is required for those levels. As a result, the incremental-verification cost is polynomial in the size of ${\varphi }^{\prime }$ and $\parallel \mathcal{M}\parallel$ (as opposed to repeating a full model check from scratch). Hence, adding each new level only imposes overhead for the newly introduced constraints and their immediate interactions with the immediately lower level, confirming an efficient incremental-verification process.

5. Numerical Results

To evaluate the effectiveness of SMTL in enhancing multi-agent coordination and safety, we conducted a series of simulations comparing the performance of agents operating under SMTL and MTL specifications. The experiments were designed to assess how the introduction of stratification in temporal logic influences agent behavior in terms of collision avoidance and path efficiency. In our experimental setup, agents navigated grid worlds of dimensions ranging from $5\times 5$ to $150\times 150$. Each grid represented a discrete environment in which agents moved from randomly assigned starting positions to specified target locations. Obstacles were randomly placed within the grids. Agents were programmed to move one unit per time step in any of the four cardinal directions, provided the destination cell was within the grid boundaries and not occupied by an obstacle or another agent. The primary objective for each agent was to reach its goal while avoiding collisions with other agents and obstacles.

Under the MTL framework, agents were governed by temporal logic specifications that dictated their movement towards goals without consideration of other agents. The MTL specification used can be mathematically expressed as

$${\varphi }_{\mathrm{MTL}}={\square }_{[0,T]}(\mathrm{reachGoal}\to {\diamond }_{[0,T]}\mathrm{atGoal})$$

This formula specifies that globally, from time 0 to T, if an agent intends to reach its goal (reachGoal), then eventually, within time T, it must be at the goal position (atGoal). In contrast, agents operating under SMTL incorporated stratified reasoning to anticipate and avoid potential conflicts with other agents. The SMTL specification extended the MTL formula to include collision avoidance at a higher level of reasoning:

$${\varphi }_{\mathrm{SMTL}}=L_1\left({\varphi }_{\mathrm{MTL}}\wedge {\square }_{[0,T]}\left(\forall j\ne i,\neg \left({pos}_i={pos}_j\right)\right)\right)$$

Here, $L_1$ represents the stratification level where agents consider not only their goal-reaching objectives but also the positions of other agents to prevent collisions. The term ${\square }_{[0,T]}\left(\forall j\ne i,\neg \left({pos}_i={pos}_j\right)\right)$ ensures that at all times, agents avoid occupying the same position as any other agent. In this case study, the stratified nature of SMTL matches its temporal stratification through the separation of agent behaviors and constraints according to their temporal characteristics:

• Short-Term Temporal Constraints (Fine-Grained Temporal Level): Agents using SMTL enforce collision avoidance at every time step. This is a temporal property that requires agents to ensure that they do not occupy the same position as any other agent. In SMTL, this corresponds to a higher-priority constraint specified at a lower stratification level (e.g., $L_1$), which operates at a finer temporal granularity. The logic enforces that safety properties hold at all times or within very short time intervals.
• Long-Term Temporal Objectives (Coarse-Grained Temporal Level): Agents aim to reach their designated goals, which is a temporal property considered over a longer time horizon. In SMTL, this is captured at a higher stratification level (e.g., $L_2$ or $L_3$), where the temporal properties involve longer intervals or eventualities.

The experimental results presented in Figure 1 provide a comparison of agent performance under MTL and SMTL. For each grid size, the number of agents corresponds to the grid dimension, ensuring a consistent agent density across different environment scales. The key performance metrics evaluated include (i) collision rate, (ii) average path length, (iii) path efficiency, (iv) and average waits due to others. A key observation from the data is the contrast in collision rates between the MTL and SMTL agents. MTL agents show a non-zero collision rate across all grid sizes, with the collision rate generally increasing as the grid size and the number of agents grow. Specifically, MTL agents experience an average collision rate of 5.20 collisions per agent on the $5\times 5$ grid, which escalates to over 81 collisions per agent in the $150\times 150$ grid.

In contrast, SMTL agents maintain a collision rate of zero across all grid sizes, demonstrating their effectiveness in collision avoidance regardless of the environment’s scale. This result highlights the efficacy of the stratification approach in SMTL, which allows agents to prioritize safety and coordination over individual objectives. The ability of SMTL agents to completely avoid collisions, even in densely populated and extensive grids, signifies a substantial improvement over traditional MTL agents and validates the practical utility of SMTL in multi-agent systems. Analyzing the average path length reveals that SMTL agents often have shorter or comparable path lengths compared to MTL agents, especially in smaller grids. For example, on the $5\times 5$ grid, SMTL agents achieve an average path length of 8.40 units, whereas MTL agents average 10.47 units. This suggests that SMTL agents are capable of reaching their goals more efficiently in less congested environments. However, as the grid size increases, the difference in average path length between SMTL and MTL agents diminishes. In the $150\times 150$ grid, SMTL agents have an average path length of approximately 558.57 units, compared to 561.24 units for MTL agents. This convergence indicates that in larger environments, both agent types require similar path lengths to reach their goals, likely due to the proportional increase in distances that need to be traversed. The path efficiency metric, calculated as the ratio of the shortest possible path length to the actual path length, provides insight into the agents’ navigational effectiveness relative to the optimal path. SMTL agents consistently show higher path efficiency percentages than MTL agents across all grid sizes. In the $5\times 5$ grid, SMTL agents attain a path efficiency of approximately 40.37%, surpassing the 34.68% efficiency of MTL agents. Although both agent types experience a decline in path efficiency as the grid size increases—reflecting the greater complexity and potential detours in larger environments—SMTL agents maintain a slight advantage. This efficiency suggests that SMTL agents effectively balance the need for collision avoidance with the pursuit of efficient paths. A notable distinction between the two agent types is observed in the average waits due to others. SMTL agents exhibit a substantial number of waits, which increases with grid size—from an average of 5.93 waits in the $5\times 5$ grid to over 517 waits in the $150\times 150$ grid. This behavior reflects the SMTL agents’ strategy of waiting to avoid potential collisions, emphasizing their prioritization of safety and adherence to collision avoidance constraints. In contrast, MTL agents have zero waits across all grid sizes, indicating that they proceed toward their goals without regard for other agents, even if it results in collisions. The willingness of SMTL agents to wait highlights their commitment to coordination and safe operation within shared environments.

Computation time per step per agent is another metric where SMTL agents demonstrate competitive performance. Figure 2 shows this comparison. While SMTL agents incur slightly higher computation times compared to MTL agents, the difference is marginal. For example, in the $150\times 150$ grid, SMTL agents have an average computation time of approximately 0.935 milliseconds per step, compared to 0.489 milliseconds for MTL agents. This increase can be attributed to the additional processing required for collision avoidance and coordination with other agents. These results indicate that the coordination achieved by SMTL agents does not come at the expense of prohibitive computational costs.

6. Conclusions

In this paper, we proposed SMTL as a formalism for specifying and verifying properties of complex cyber–physical systems exhibiting behaviors across multiple temporal and abstraction scales. By incorporating a stratification operator into traditional temporal logics, SMTL enables the association of temporal properties with specific abstraction levels, facilitating the natural expression of multi-scale requirements while preserving formal reasoning about inter-level relationships. We formalized the syntax and semantics of SMTL, proving that it strictly subsumes MTL and offers enhanced expressiveness by capturing properties unattainable in existing logics. Through numerical simulations, we demonstrated the utility of SMTL in improving agent coordination and safety. The simulations comparing agents operating under MTL and SMTL specifications revealed that SMTL significantly reduces collision rates without incurring substantial computational overhead or compromising path efficiency. Specifically, SMTL agents maintained a zero collision rate at various grid sizes, highlighting the effectiveness of stratified reasoning in avoiding conflicts and improving overall system reliability. Our findings emphasize the potential of SMTL as a valuable tool for designing and verifying complex multi-agent systems operating across diverse temporal and abstraction scales.

Future Work

In future work, we plan to explore integrations and comparisons between SMTL and other hierarchical methods (e.g., MLTLM and CBS), aiming to assess how these approaches complement or further enhance SMTL’s multi-scale coordination capabilities. Furthermore, we plan to explore the integration of SMTL with automated synthesis tools to generate controllers that guarantee compliance with multi-scale specifications. Furthermore, investigating the application of SMTL in other domains, such as distributed sensor networks or human–robot interaction, could further validate its effectiveness. Extending SMTL to incorporate probabilistic reasoning or learning-based components may also enhance its applicability to systems with inherent uncertainties. Finally, the development of optimized algorithms for the checking of the SMTL model can facilitate its adoption in large-scale industrial applications.