Specification and Verification of Multi-agent Systems

Mehdi Dastani · Koen V. Hindriks · John-Jules Charles Meyer
Editors

Foreword by Wiebe van der Hoek

Editors

Mehdi Dastani
Utrecht University
Dept. Information & Computing Sciences
Padualaan 14
3584 CH Utrecht
The Netherlands

Koen V. Hindriks
Delft University of Technology
Mekelweg 4
2628 CD Delft
The Netherlands

John-Jules Ch. Meyer
Utrecht University
Dept. Information & Computer Sciences
Padualaan 14
3584 CH Utrecht
The Netherlands

ISBN 978-1-4419-6983-5
e-ISBN 978-1-4419-6984-2
DOI 10.1007/978-1-4419-6984-2
Springer New York Dordrecht Heidelberg London
Library of Congress Control Number: 2010930883
© Springer Science+Business Media, LLC 2010

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed on acid-free paper

Springer is part of Springer Science+Business Media (www.springer.com)

Foreword

In the last decade, multi-agent systems have both become widely applied and also increasingly complex.
The applications include the use of agents as autonomous decision makers in often safety-critical, dangerous, or high impact scenarios (traffic control, autonomous satellites, computational markets). The complexity arises from the fact that not only do we expect the agent to make decisions in situations that are not anticipated at forehand, the agent also interacts with other complex agents, with humans, organisations, and it lives in a dynamic environment (activators of an agent can fail, communication is prone to error, human response may be ambiguous, rules of an organisation may leave behaviour open or over-constrained, and environments may change ‘spontaneously’ or as a result of other agents acting upon it).

Taking these two facts together calls for a rigorous Specification and Verification of Multi-Agent Systems. Since intelligent agents are computational systems, it is no wonder that this activity builds upon and extends concepts and ideas of specifying and verifying computer-based systems in general. For one, an axiom is that the tools are mainly logical, or in any case formal. But although traditional techniques of specification and verification go a long way when reasoning about the correctness of a single agent, there are additional questions already to be asked at this level: do we ‘only’ require the agent to behave well under a pre-defined set of inputs, or do we want to allow for (partially) undefined scenarios? And do we care about the ‘correctness’ of an agent’s beliefs, desires and intentions during a computation? How do we want to guarantee that the agent ‘knows what he is doing’, has ‘reasonable desires’ and ‘only drops an intention if it(s goal) is fulfilled, or cannot be reasonably be fulfilled any longer’? And a predecessor of this ‘how to guarantee’ question is equally important: what do we exactly mean by those requirements?

In a multi-agent system, specification and verification becomes only harder and, indeed, more interesting. Once we have an understanding of how to make the agents behave correctly individually, is this property then also compositional, in the sense that it applies to the system as a whole? What are the requirements we need to impose on the interaction among the agents, the ability of the human users, the organisation the agents represent, or the environment as a whole, in order to make the multi-agent system behave as required? If we have means to specify this, then how do we check this?

This book, with contributions from many world-leading authors in the field, gives many answers to the questions above, thereby indeed often generalising ideas that have been around in the specification and verification community. For instance, the book addresses theorem proving (‘all implementations, or models, of the specification verify’) as a means to verify properties of cognitive agents, refinement (making sure the runs of a system are in a desired class) as a compositional means to derive correct implementations from a given specification, and model checking (‘does this particular implementation verify’) as a technique to verify certain multi-agent system behaviour. Model checking is applied to agent communication, to practical agent programming languages, and to languages in which agent goals play a major role: a complexity study of model checking for temporal and strategic logics complements these applications. There is also a chapter proposing a hybrid approach which guarantees on the one hand that some desirable properties in the specification language are met by any implementation in the agent programming language, and on top of that, a debugging framework that checks for temporal and cognitive assertions.

The book also has chapters that focus on specification languages, for instance a cognitive agent specification language with declarative and procedural components, and a temporal trace language to express dynamic properties of multi-agent systems. Another chapter advocates to use one (term rewriting) language and its tools for prototyping, verifying and testing agent programs.

If one takes the autonomy of agents to the extreme, one should leave it to the agents to act in a correct way.
Indeed, this book has a chapter where norms are used as a way to specify correct, or desired behaviour, and to make sure that the agents comply with the norm, a game-theoretic framework is proposed. Although all chapters mentioned above comply with the maxim of formality, there is also a chapter that challenges this axiom, and claims that formal verification for assurance of agent systems is, on its own, not enough.

Mehdi Dastani, Koen Hindriks and John-Jules Meyer are well-chosen editors of this book. The work of their Intelligent Systems group in Utrecht (now also continued in the Man Machine Interaction group in Delft by Koen) encompasses all aspects this book addresses: their long history of involvement in verification of programs, their early work originating in modal logics for specification of agents, their hands-on experience with implementing agents in 3APL and its successors, and their involvement, from its early days, in formal approaches to normative systems, makes them better suited to compose this volume than anybody else.

January 2010, Liverpool, UK
Wiebe van der Hoek

Contents

1 Using Theorem Proving to Verify Properties of Agent Programs
  N. Alechina, M. Dastani, F. Khan, B. Logan, and J.-J. Ch. Meyer
  1.1 Introduction
  1.2 An Agent Programming Language
    1.2.1 SimpleAPL
    1.2.2 SimpleAPL syntax
  1.3 Operational Semantics
    1.3.1 Non-interleaved execution
    1.3.2 Interleaved execution
  1.4 Logic
    1.4.1 Preliminary
    1.4.2 Language
    1.4.3 Semantics
    1.4.4 Axiomatisation
  1.5 Verification
    1.5.1 Expressing the non-interleaved strategy
    1.5.2 Expressing the interleaved strategy
  1.6 Example of using theorem proving to verify properties of an agent program
  1.7 Related Work
  1.8 Conclusion
  1.9 Appendix: Encodings of properties in MSPASS
    1.9.1 MSPASS encoding of the example
    1.9.2 MSPASS encoding of a lemma for the proof of the blind commitment property of the vacuum cleaner agent
    1.9.3 -encoding of the blind commitment property

2 The Refinement of Multi-Agent Systems
  L. Aştefănoaei and F.S. de Boer
  2.1 Introduction
    2.1.1 Related Works
  2.2 From Specification to Implementation Agent Languages
    2.2.1 Preliminaries
    2.2.2 Formalising Mental States and Basic Actions
    2.2.3 BUnity Agents
    2.2.4 Why BUnity Agents Need Justice
    2.2.5 BUpL Agents
    2.2.6 Why BUpL Agents Need Compassion
    2.2.7 Appraising Goals
  2.3 The Refinement of Individual Agents
  2.4 Towards Multi-Agent Systems
    2.4.1 Action-based Choreographies
    2.4.2 A Finer Notion of Refinement
  2.5 Timing Extensions of MAS
    2.5.1 Adding Time to BUnity
    2.5.2 Adding Time to BUpL
    2.5.3 A Short Note on Timed Refinement
  2.6 Conclusion

3 Model Checking Agent Communication
  J. Bentahar, J.-J. Ch. Meyer, and W. Wan
  3.1 Introduction
  3.2 Brief Overview of Model Checking Multi-Agent Systems
    3.2.1 Extending and Adapting Existing Model Checkers
    3.2.2 Developing New Algorithms and Tools
  3.3 Tableau-based Model Checking Dialogue Games
  3.4 ACTL* Logic
    3.4.1 Syntax
    3.4.2 Semantics
    3.4.3 Tableau Rules
  3.5 Dialogue Game Protocols as Transition Systems
  3.6 Verification of Dialogue Game Protocols
    3.6.1 Alternating Büchi Tableau Automata (ABTA) for ACTL*
    3.6.2 Translating ACTL* into ABTA (Step 1)
    3.6.3 Run of an ABTA on a Transition System (Step 2)
    3.6.4 Model Checking Algorithm (Step 3)
  3.7 Case Studies
    3.7.1 Verifying PNAWS
    3.7.2 Verifying NetBill
  3.8 Discussion and Future Work

4 Directions for Agent Model Checking
  R.H. Bordini, L.A. Dennis, B. Farwer, and M. Fisher
  4.1 Introduction
    4.1.1 Agents and Rational Agents
    4.1.2 Logical Agent Descriptions
    4.1.3 Formal Verification and Model Checking
    4.1.4 Program Verification
    4.1.5 Agent Programming Languages
  4.2 Our Approach
    4.2.1 AIL: Mapping Agent Languages to a Common Basis
    4.2.2 AJPF: Specialising the AIL and JPF to work together
    4.2.3 Current Status
  4.3 Obstacles
    4.3.1 Performance
    4.3.2 Target Agent Languages
    4.3.3 Using Agent Model Checking
    4.3.4 Applicability
  4.4 Directions
    4.4.1 Applicability: Autonomous and Autonomic Systems
    4.4.2 Efficiency: Potential for use of MJI
    4.4.3 Efficiency: Potential for use of Program Slicing/Abstraction
    4.4.4 Generality: Target Languages
    4.4.5 Engineering: Agent Development Approach
    4.4.6 Extension: Verification of Groups and Organisations
    4.4.7 Applicability: Verifying Human-Agent Teamwork
    4.4.8 Efficiency/Extension: Alternative Model Checkers
  4.5 Concluding Remarks