🤖 AI Summary
This work addresses the challenge that systems operating over extended periods in dynamic environments may violate their original Metric Temporal Logic (MTL) specifications due to performance degradation, even when their functional behavior remains unchanged. To tackle this issue, the paper introduces the CEGIW algorithm, which, for the first time, enables automatic and optimal weakening of MTL temporal interval bounds. Preserving the logical structure of the original specification, CEGIW employs counterexample-guided iterative optimization combined with formal verification and interval constraint analysis to synthesize the weakest valid specification still satisfied by the system. The authors formally prove the algorithm’s correctness and optimality, and demonstrate its efficacy through multiple real-world case studies, showing its ability to precisely identify the strongest feasible weakened specification or determine its non-existence.
📝 Abstract
Systems deployed for long periods of time in dynamic environments may experience performance degradation that affects timing guarantees, even when their functional behaviour remains unchanged. In the design and verification of critical systems, such timing guarantees are often expressed using Metric Temporal Logic (MTL). Under degradation, these specifications may no longer hold as stated, although weaker variants that relax timing bounds may still be satisfied and remain meaningful. For example, while an elevator may initially be required to arrive within 30 seconds of a request, degradation of its motor may only allow us to guarantee arrival within 60 seconds. Although weaker, this guarantee is still useful and allows the system to maintain a reasonable level of operation. In this paper we present CEGIW, an iterative, counterexample-guided algorithm for automatically weakening timing intervals in MTL specifications so that they hold for a given system model. The algorithm preserves the logical structure of the original specification and weakens only interval bounds. We prove the correctness and optimality of CEGIW, and conduct an empirical evaluation to demonstrate the practicality of interval weakening using formalised requirements from a number of real-world case studies. Using a model checker to produce counterexamples, CEGIW either identifies the strongest interval weakening under which the specification holds, or determines that no such weakening exists.
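The counterexample-guided loop the abstract describes, reduced to a toy setting as an added illustration (this is not the paper's CEGIW implementation). The specification is a single bounded-response property G(request -> F_[0,b] arrive) over finite discrete-time traces; the "model checker" is an exhaustive search over a constructed set of traces standing in for the system model, and only the upper bound b is weakened. Each iteration raises b to exactly the delay the counterexample exhibits, so the loop terminates at the least bound satisfied by every trace (the strongest weakening) or reports that no bound up to a stated maximum works. The trace sets, proposition names and the `max_bound` cut-off are all assumptions of this example:

```python
"""Toy counterexample-guided interval weakening for G(request -> F_[0,b] arrive).

Added example, not the paper's algorithm. The system model is a constructed
set of finite traces; each trace is a list of sets of atomic propositions,
one set per discrete time step.
"""
from typing import Dict, List, Optional, Set, Tuple

Trace = List[Set[str]]
# A counterexample: (trace, index of the unanswered request, index of the
# first later response, or None if the request is never answered).
Counterexample = Tuple[Trace, int, Optional[int]]


def make_trace(length: int, events: Dict[int, Set[str]]) -> Trace:
    """Build a trace of `length` steps with propositions true at given steps."""
    return [set(events.get(i, set())) for i in range(length)]


def response_violation(trace: Trace, bound: int,
                       req: str = "request", resp: str = "arrive") -> Optional[Tuple[int, Optional[int]]]:
    """Check G(req -> F_[0,bound] resp) on one finite trace.

    Returns None when the trace satisfies the property, otherwise the index
    of the first request not answered within `bound` steps together with the
    index of the first response after it (None if there is none at all; a
    request near the end of a truncated trace therefore counts as unanswered).
    """
    for i, props in enumerate(trace):
        if req in props:
            window = trace[i:i + bound + 1]  # steps i .. i+bound inclusive
            if not any(resp in p for p in window):
                later = next((j for j in range(i, len(trace)) if resp in trace[j]), None)
                return i, later
    return None


def model_check(model: List[Trace], bound: int) -> Optional[Counterexample]:
    """Stand-in for a model checker: return the first violating trace, or None."""
    for trace in model:
        violation = response_violation(trace, bound)
        if violation is not None:
            return trace, violation[0], violation[1]
    return None


def cegiw_weaken(model: List[Trace], initial_bound: int,
                 max_bound: int) -> Tuple[Optional[int], List[int]]:
    """Weaken the upper bound of F_[0,b] until the property holds.

    Returns (bound, history). `bound` is the least b >= initial_bound under
    which every trace satisfies the property, or None if no b <= max_bound
    does. `history` lists the bounds tried, in order.
    """
    bound = initial_bound
    history = [bound]
    while True:
        cex = model_check(model, bound)
        if cex is None:
            return bound, history          # property holds: strongest weakening found
        _trace, req_idx, resp_idx = cex
        if resp_idx is None:
            return None, history           # never answered: no finite bound can help
        # The smallest bound that admits this counterexample is the observed delay;
        # any valid bound must be at least this large, so minimality is preserved.
        new_bound = resp_idx - req_idx
        if new_bound > max_bound:
            return None, history           # weakening would exceed the allowed range
        bound = new_bound
        history.append(bound)


# Constructed traces of an elevator whose motor has degraded: response delays
# of 30, 45, 10 and 60 steps (seconds) across three runs.
DEGRADED_ELEVATOR: List[Trace] = [
    make_trace(40, {0: {"request"}, 30: {"arrive"}}),
    make_trace(100, {0: {"request"}, 45: {"arrive"}, 50: {"request"}, 60: {"arrive"}}),
    make_trace(80, {5: {"request"}, 65: {"arrive"}}),
]

# Constructed trace in which a request is never answered at all.
BROKEN_ELEVATOR: List[Trace] = [
    make_trace(100, {0: {"request"}}),
]

if __name__ == "__main__":
    print(cegiw_weaken(DEGRADED_ELEVATOR, 30, 120))  # (60, [30, 45, 60])
    print(cegiw_weaken(DEGRADED_ELEVATOR, 30, 50))   # (None, [30, 45])
    print(cegiw_weaken(BROKEN_ELEVATOR, 30, 120))    # (None, [30])
```

Starting from the original 30-second bound, the loop is driven to 45 and then to 60 by successive counterexamples, which is the weakened guarantee the abstract's elevator example arrives at; capping the admissible weakening at 50 makes the loop report that no acceptable weakening exists, as does a trace whose request is never served. A real model checker produces a counterexample for the full MTL formula rather than for one trace, but the shape of the loop is the same.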