EPiC Series in Computer Science

Volume 34, 2015, Pages 160–168

ARCH14-15. 1st and 2nd International Workshop on
Applied veRification for Continuous and Hybrid Systems

BluSTL: Controller Synthesis from Signal Temporal Logic

Specifications
Alexandre Donzé1 and Vasumathi Raman2∗
1
Department of Electrical Engineering and Computer Science,
UC Berkeley,
Berkeley, CA 94720, USA [email protected]
2
California Institute of Technology, Pasadena, CA, USA [email protected]

Abstract
We present BluSTL, a MATLAB toolbox for automatically generating controllers from specifications
written in Signal Temporal Logic (STL). The toolbox takes as input a system and a set of constraints
expressed in STL and constructs an open-loop or a closed-loop (in a receding horizon or Model Pre-
dictive fashion) controller that enforces these constraints on the system while minimizing some cost
function. The controller can also be made reactive or robust to some external input or disturbances.
The toolbox is available at https://github.com/BluSTL/BluSTL.

1 Introduction
In [7, 6] we described a new technique for synthesizing controllers for hybrid systems subject to
specifications expressed in Signal Temporal Logic (STL). The present document introduces the
toolbox BluSTL, which implements the ideas presented in these papers. The toolbox takes as
input a linear system (which can result from the linearization of some non-linear system), a set
of constraints expressed in STL and a cost function and outputs a controller. The controller
can be either in open-loop, i.e., it will compute a fixed sequence of inputs to be used by the
system, or in closed-loop in a receding horizon fashion. In the latter case, a sequence of inputs
is computed at each step, and only the first input values is used for one time step, and the
process is reiterated. One specificity of the toolbox is that the user can tune the robustness of
satisfaction of the STL specifications as defined in [1]. The toolbox also supports robust con-
troller synthesis in more classical sense, i.e., robust to variations of some external disturbance
input.

The approach as described in [7, 6] is based on encoding the system dynamics, the STL
constraints and the cost function together in a Mixed-Integer Linear Problem (MILP). The
controller then consists in a pre-compiled MILP which can be solved efficiently by modern
∗ This work is supported in part by TerraSwarm, one of six centers of STARnet, a Semiconductor Research

Corporation program sponsored by MARCO and DARPA.

160 G.Frehse and M.Althoff (eds.), ARCH15 (EPiC Series in Computer Science, vol. 34), pp. 160–168
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

MILP solvers, such as Gurobi [3]. Experiments show that the pre-compilation phase, which can
be done off-line, can take significantly more time (several seconds to minutes, depending on the
complexity of the dynamics and the specifications) than actually solving the resulting problem.
The former can be done often very quickly (less than a second), which makes it possible to use
the resulting controller on-line, possibly in real-time applications. The rest of the paper briefly
describes the theoretical background and then presents a small tutorial example.

2 Some Theoretical Background

2.1 System dynamics
We consider a continuous-time system Σ of the form

ẋ = Ax + Bu u + Bw w (1)
y = Cx + Du u + Dw w (2)

where
• x ∈ X ⊆ Rn is the system state,
• u ∈ U ⊆ Rm is the control input,
• w ∈ W ⊆ Rl is the external input,
• y ∈ Y ⊆ Ro is the system output.
Given a sampling time ∆t > 0, we discretize Σ into Σd of the form

x(tk+1 ) = Ad x(tk ) + Bud u(tk ) + Bw

d
w(tk ) (3)
d
y(tk ) = C x(tk ) + Dud u(tk ) + d
Dw w(tk ) (4)

where for all k > 0, tk+1 − tk = ∆t and t0 = 0. Given an integer N > 0, x0 ∈ X , and two
sequences u ∈ U N −1 and w ∈ W N −1 noted

u = u0 u1 . . . uN −1
w = w0 w1 . . . wN −1

we denote by ξ(x0 , u, w) ∈ X N the 4-uple of sequences (x, y, u, w) = ξ(x0 , u, w) such that x,

y, u and w satisfy (3-4) with x(tk ) = xk , y(tk ) = yk , u(tk ) = uk and w(tk ) = wk for all k.
ξ(x0 , u, w), or sometimes simply ξ is called a run of Σd .

2.2 Signal Temporal Logic

We consider STL formulas defined recursively according to the grammar1

ϕ ::= π µ | ¬ψ | ϕ1 ∧ ϕ2 | alw[a,b] ψ | ϕ1 until[a,b] ϕ2

where π µ is an atomic predicate X × Y × U × W → B whose truth value is determined by

the sign of a function µ : X × Y × U × W → R and ψ is an STL formula. The fact that a
1 For the readers familiar with temporal logic, note that the notation ev and alw (for 2 and 3) are taken

from the syntax also implemented in the toolbox Breach.

161
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

run ξ(x0 , u, w) satisfies an STL formula ϕ is denoted by ξ |= ϕ. Informally, ξ |= alw[a,b] ϕ if

ϕ holds at every time step between a and b, and ξ |= ϕ until[a,b] ψ if ϕ holds at every time
step before ψ holds, and ψ holds at some time step between a and b. Additionally, we define
ev[a,b] ϕ = > until[a,b] ϕ, so that ξ |= ev[a,b] ϕ if ϕ holds at some time step between a and b.
Formally, the validity of a formula ϕ with respect to the sequence x is defined inductively as
follows
ξ |= ϕ ⇔ (ξ, t0 ) |= ϕ
(ξ, tk ) |= π µ ⇔ µ(xk , yk , uk , wk ) > 0
(ξ, tk ) |= ¬ψ ⇔ ¬((ξ, tk ) |= ψ)
(ξ, tk ) |= ϕ ∧ ψ ⇔ (ξ, tk ) |= ϕ ∧ (ξ, tk ) |= ψ
(ξ, tk ) |= alw[a,b] ϕ ⇔ ∀tk0 ∈ [tk +a, tk +b], (ξ, tk0 ) |= ϕ
(ξ, tk ) |= ϕ until[a,b] ψ ⇔ ∃tk0 ∈ [tk +a, tk +b] s.t. (ξ, tk0 ) |= ψ
∧∀tk00 ∈ [tk , tk0 ], (ξ, tk00 ) |= ϕ.
An STL formula ϕ is bounded-time if it contains no unbounded operators; the bound of ϕ is the
maximum over the sums of all nested upper bounds on the temporal operators, and provides a
conservative maximum trajectory length required to decide its satisfiability. For example, for
alw[0,10] ev[1,6] ϕ, a trajectory of length N ≥ 10 + 6 = 16 is sufficient to determine whether the
formula is satisfiable.

2.3 Robust Satisfaction of STL formulas

Quantitative or robust semantics defines a real-valued function ρϕ of signal ξ and t such that
(ξ, t) |= ϕ ≡ ρϕ (ξ, t) > 0. In this work, it is defined as follows:
µ
ρπ (ξ, tk ) = µ(xk , yk , uk , wk )
ρ¬ψ (ξ, tk ) = −ρψ (ξ, tk )
ρϕ1 ∧ϕ2 (ξ, tk ) = min(ρϕ1 (ξ, tk ), ρϕ2 (ξ, tk ))
ρϕ1 ∨ϕ2 (ξ, tk ) = max(ρϕ1 (ξ, tk ), ρϕ2 (ξ, tk ))
ρalw[a,b] ψ (ξ, tk ) = mintk0 ∈[t+a,t+b] ρψ (ξ, tk0 )
ρϕ1 until[a,b] ϕ2 (ξ, tk ) = maxtk0 ∈[t+a,t+b] (min(ρϕ2 (ξ, tk0 ),
mintk00 ∈[tk ,tk0 ] ρϕ1 (ξ, tk00 ))
µ
To simplify notation, we denote ρπ by ρµ for the remainder of this document. The ro-
bustness of satisfaction for an arbitrary STL formula is computed recursively from the above
semantics by propagating the values of the functions associated with each operand using min
and max operators corresponding to the various STL operators. For example, the robust satis-
faction of π µ1 where µ1 (x) = x − 3 > 0 at time 0 is ρµ1 (ξ, 0) = x0 − 3. The robust satisfaction
of µ1 ∧ µ2 is the minimum of ρµ1 and ρµ2 . Temporal operators are treated as conjunctions and
disjunctions along the time axis: since we deal with discrete time, the robustness of satisfaction
of ϕ = alw[0,2.1] µ1 is

ρϕ (x, t) = min ρµ1 (x, tk ) = min{x0 − 3, x1 − 3, . . . , xK − 3}

tk ∈[0,2.1]

where 0 ≤ t0 < t1 < . . . < tK ≤ 2.1 < tK+1 .

The robustness score ρϕ (ξ, t) should be interpreted as how much ξ satisfies ϕ. Its absolute
value can be viewed as the signed distance of ξ from the set of trajectories satisfying or violating
ϕ, in the space of projections with respect to the function µ that define the predicates of ϕ
([2]).

162
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

2.4 Controller Synthesis

Given an STL formula ϕ and a cost function of the form J(x0 , u, w, ϕ) ∈ R, BluSTL can solve
different control synthesis problem, either in open loop or closed loop, and with a deterministic
or adversarial environment (robust control). In all problems, we assume given an initial state
x0 ∈ X , an horizon L and some reference disturbance signal w ∈ W N . The open loop and
closed loop scenario are depicted as block diagrams on Figure 1 and Figure 2.
Problem 1 (Open loop, deterministic). Compute u∗ = u∗0 u∗1 . . . u∗N −1 where

u∗ = argmin J(x0 , u, w, ϕ)
u∈U N
s.t. ξ(x0 , u, w) |= ϕ

Note that we assume that the state of the plant is fully observable.

ϕ, Σd , J

synthesis

Parametric u∗ =
MILP Solver Plant Σ x, y
MILP u∗0 u∗1 . . . u∗N −1

x0 , x0 , w
w0 , . . . , wN −1

Figure 1: Open Loop Scenario. A parametric Mixed-Integer Linear Program is generated from
the STL formula φ, the discrete-time plant model Σd and the cost function J. The parameters
of this MILP are the initial state x0 and disturbance vector w. When those are provided, a
solver can compute an optimal solution u∗ for horizon N which is passed and used by the plant
Σ.

Problem 2 (closed loop, deterministic). Given an horizon 0 < L < N , for all 0 ≤ k ≤ N − L,
compute u∗k as the first element of the sequence uL L L L
k ∗ = uk ∗ uk+1 ∗ . . . uk+L−1 ∗ satisfying

uL
k∗ = argmin J(xk , uL
k , wk , ϕ)
uL
K ∈U
L

s.t. ξ(xk , uL
k , wk ) |= ϕ

These two problems both admit an adversarial version where w is allowed to vary in some
region around wref while satisfying some constraints. In this case, BluSTL treats w as an
adversary for the controller which tries to falsify ϕ. The control input returned by BluSTL,
if any, is the first one after some iterations for which this falsification is infeasible. If no such
input is found, BluSTL stops and declares the problem infeasible. We refer the reader to [6] for
more details.

163
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

ϕ, Σd , J
synthesis

Controller

u∗ = Parametric x0
u∗0 u∗1 . . . u∗N −1 MILP Solver
MILP

w0 w1 . . . wN −1

u∗0 Plant Σ x1
x0

w0

Figure 2: Closed-loop Scenario. As for the open loop scenario, a parametric MILP is synthesized
from the specifications, dynamics and cost function. However, at each time step, only the first
optimal input is used by the plant.

3 Getting Started
3.1 Installing BluSTL
BluSTL depends on YALMIP [5], which is best obtained with the Multi-Parametric toolbox
(MPT3) [4]. Most experiments have been done with the Gurobi solver [3] as back-end, though
other solvers might work as well. Once YALMIP (or MPT3) is installed, the only thing to do
to install BluSTL is to add the path BluSTL/src to Matlab paths. In the following, we present
a tutorial example for a simple double integrator system. The tutorial script can be found in
BluSTL/examples/tutorial1.m.

3.2 A Small Tutorial

Defining the plant dynamics
The toolbox is organized around one main class, called STLClti. An STLClti object is primarily
a continuous Linear Time Invariant (LTI) system with inputs, outputs and disturbances. Hence,
a constructors for this class takes matrices to define such an LTI. We first define and A and B
matrices for state evolution:

A = [0 1 ;
0 0];
Bu = [0;1];

164
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

Later on, we will use a disturbance signals so we need to define a Bw matrice. This signal will
not influence the state dynamics, though, so we set Bw to be 0.

Bw = [0;0];
Next we define the output dynamics, i.e., C, Du and Dw matrices. Here we have a single output
y(t) = x1 (t).

C = [1 0];
Du = 0;
Dw = 0;
Now we can call the main constructor of STLC lti class.

Sys= STLC_lti(A,Bu,Bw,C,Du,Dw);
In the next section, we will define the different settings for the control synthesis experiment.
Before that, we define some initial state:

Sys.x0= [1 ; 1];

Defining the controller

We start by defining the time instants for the whole experiment, the discrete time step ts for
the controller and the horizon L in number of time steps.

Sys.time = 0:.1:10;
Sys.ts=.2; % sampling time for controller
Sys.L=10; % horizon is 2s in that case
Next we declare some constraints on control inputs, here, lower and upper bounds:

Sys.u_ub = 10; % upper bound on u

Sys.u_lb = -10; % lower bound on u
Then the following define a signal temporal logic formula to be satisfied by the system. Note
that times in the temporal operators are continuous, not discrete steps.The following formula
specifies that the output signal must remain at distance 0.1 from the external signal for 0.5
seconds after at most 1 second.

Sys.stl_list = {’ev_[0,1.] alw_[0,0.5] ( abs(y1(t)-w1(t)) < 0.1)’};

Now we are ready to compile the controller for our problem.

controller = get_controller(Sys)

Optimizer object with 108 inputs and 79 outputs. Solver: GUROBI-GUROBI

Note that by default, the objective function will minimize the 1-norm of the input.

165
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

Testing the controller

The simplest mode to run our system with the newly created controller is in open loop. This
is done with the following command:

run_open_loop(Sys, controller);
1
x1

-1
0 0.5 1 1.5 2 2.5 3 3.5 4
2
x2

-2
0 0.5 1 1.5 2 2.5 3 3.5 4
1
y1

-1
0 0.5 1 1.5 2 2.5 3 3.5 4
10
u1

-10
0 0.5 1 1.5 2 2.5 3 3.5 4
1
w1

-1
0 0.5 1 1.5 2 2.5 3 3.5 4
Time

The plot shows the optimal input u1 obtained and resulting state x1,x2 and output y1. We
note that the specification is correctly enforced.
We can run our system in closed loop, but this is not very interesting, because w is 0 anyway.
Let’s change it to take value 1 between time 3 and 4 and -0.5 between time 6 and 8:

Sys.Wref = Sys.time*0.;
Sys.Wref(30:40) = 1;
Sys.Wref(60:80) = -0.5;

Now we change the specification to an unbounded horizon one, where at all instant, the output
must track the external signal with some specified maximum delay:

Sys.stl_list = {’alw (ev_[0,1.] alw_[0,0.5] ( abs(y1(t)-w1(t)) < 0.1))’};

controller = get_controller(Sys);
This time we will only plot input and outputs, i.e., disable the state plotting:

Sys.plot_x =[]; % default was Sys.plot_x = [1 2]

run_deterministic(Sys, controller);

166
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

y1
0

-1
0 1 2 3 4 5 6 7 8 9 10

10
5
u1

0
-5
-10
0 1 2 3 4 5 6 7 8 9 10

0.5
w1

-0.5
0 1 2 3 4 5 6 7 8 9 10
Time

Here, the blue lines represent the states, inputs and outputs of the plant, while the green dashed
lines represents the predictions of the model of the controller.
More examples are given in the folder BluSTL/examples. In particular the hvac room case
study demonstrate the adversarial scenario, as well as plot customization. The idea is to create
a class derived from STLC lti and specialize the update plot method.

4 Future Work
BluSTL v0.1 is still at an early stage of development, and beside the usual bug fixes, perfor-
mance and stability issues, it can be further improved in many directions. One limitation is
that unbounded specifications are currently limited to alw(ϕ) where ϕ is a bounded horizon
formula, where the horizon should be smaller than L × ts. We are working on supporting more
unbounded horizon specifications, including ev and until with possible nesting (e.g. ev alw or
alw ev). Another direction is to lift the constraint on the horizon of sub-formulas, by using other
semantics, e.g., weak semantics, adapted to partial traces. Another limitation is on the type of
systems considered. It is relatively easy to use BluSTL for any kind of systems that admit a
proper linearization, but the linear models used in BluSTL are fixed. It would be interesting
to implement controller with switched linear dynamics, or more general hybrid models such as,
e.g., Mixed Logical Dynamics used in the MPT.

References
[1] A. Donzé and O. Maler. Robust satisfaction of temporal logic over real-valued signals. In For-
mal Modeling and Analysis of Timed Systems - 8th International Conference, FORMATS 2010,
Klosterneuburg, Austria, September 8-10, 2010. Proceedings, pages 92–106, 2010.
[2] G. E. Fainekos and G. J. Pappas. Robustness of temporal logic specifications for continuous-time
signals. Theoretical Computer Science, 410(42):4262–4291, 2009.

167
BluSTL: Controller Synthesis from STL Specifications A. Donzé and V. Raman

[3] I. Gurobi Optimization. Gurobi optimizer reference manual, 2015.

[4] M. Herceg, M. Kvasnica, C. Jones, and M. Morari. Multi-Parametric Toolbox 3.0. In Proc. of
the European Control Conference, pages 502–510, Zürich, Switzerland, July 17–19 2013. http:
//control.ee.ethz.ch/~mpt.
[5] J. Lfberg. Yalmip : A toolbox for modeling and optimization in MATLAB. In Proceedings of the
CACSD Conference, Taipei, Taiwan, 2004.
[6] V. Raman, A. Donzé, D. Sadigh, R. M. Murray, and S. A. Seshia. Reactive synthesis from signal
temporal logic specifications. In Proceedings of the international conference on Hybrid Systems:
Computation and Control, HSCC 2015, 2015.
[7] V. Raman, M. Maasoumy, A. Donzé, R. M. Murray, A. Sangiovanni-Vincentelli, and S. A. Seshia.
Model predictive control with signal temporal logic specifications. In Proc. of the IEEE Conf. on
Decision and Control, 2014.

168