A Formal Modelling Framework for Developing Multi-agent Systems ...

A Formal Modelling Framework for Developing Multi-agent Systems with Dynamic Structure and Behaviour Petros Kefalas1 , Ioanna Stamatopoulou2 , and Marian Gheorghe3 1

2

3

Department of Computer Science, CITY College, Thessaloniki, Greece [email protected] South-East European Research Centre, Thessaloniki, Greece [email protected] Department of Computer Science, University of Sheffield, UK [email protected]

Abstract. Multi-agent systems exhibit highly dynamic behaviour within dynamic environments. Modelling of individual agents within such systems demands considering both evolving data structures and the control over their internal changing states. In addition, modelling of the overall system implies modelling of the agents’ configuration, including their ability to exchange messages as well as the ability to re-structure their formation over time. This paper presents a formal modelling framework based on Communicating X-machines, allowing the specification of multi-agent software systems with a dynamic structure and behaviour. A case study illustrates the proposed modelling approach.

1

Introduction

Multi-agent system complexity is due to substantial differences in attributes between their individuals, high computational power required for the processes within agents, non-trivial type or volume of data manipulated by these processes and considerable amount of communication in order to achieve coordination and collaboration. The use of a computational framework that is capable of modelling both the dynamic aspect (change) and the static aspect (data and knowledge), will facilitate modelling and simulation of such complex systems. The majority of models created for biological or biology-inspired multi-agent systems are based on an assumed, fixed system structure that is not realistic. Our contribution is to show how most of the modelling requirements are captured through the use of a distributed state-based formal method, namely Communicating X-machines. In particular, we propose an extension of Communicating X-machine Systems, which includes the rules under and operations with which a multi-agent system changes its configuration over time. Our motivating example is given in Sect. 2 of this paper. In Sect. 3, we briefly discuss the use of formal methods in agent-oriented software engineering and we M. Pˇ echouˇ cek, P. Petta, and L.Z. Varga (Eds.): CEEMAS 2005, LNAI 3690, pp. 122–131, 2005. c Springer-Verlag Berlin Heidelberg 2005


A Formal Modelling Framework for Developing Multi-agent Systems

123

informally present X-machines. Formal definitions are given in Sect. 4 and a model for our motivating example in Sect. 5. Finally, we discuss various issues arising from the use of X-machines in multi-agent system development as well as existing tools.

2

Motivation

Our research is motivated by the implications of using formal methods in modelling biological systems. As in any software system, formal specification and modelling can lead towards a better understanding of the system under development, verification of important properties and application of complete test strategies. In biological processes bio-entities can be conceived as simple agents that act autonomously in a dynamic and complex environment but also communicate in order to achieve a desired emergent behaviour. Such a behaviour is apparent in swarms or colonies of social insects as well as in epithelial tissues formed out of individual cells [1, 2]. For example, consider the following scenario: a number of identical agents A are located in a plane and move freely (randomly) in space (Fig. 1.a). When two identical agents A collide (Fig. 1.b), a new type of agent L is generated (Fig. 1.c). When any agent A comes close (within a threshold distance) to any agent L, agent A follows the movement of L from then on, as a satellite, staying at the threshold distance (Fig. 1.d). Agents L can have up to a certain number of satellite agents—if this number is reached then a complete assembly is formed (Fig. 1.e). A complete assembly has the ability to immobilise or destroy any agent A, which enters the virtual cycle of the assembly (Fig. 1.f). This kind of scenario resembles a number of situations, which appear in abundance in chemistry, biology, swarms, robotics, artificial life systems, self-assembly etc. Systems like the above consist of agents with common characteristics; they sense their local environment through stimuli and have an internal state which is determined by a set of values that characterise a particular instance of their life time as well as what they know or believe about themselves, other agents and the environment. They also possess a set of behaviours, triggered by stimuli and their internal state. Finally, agents are able to communicate information with other agents under specific circumstances. In the previous example, agents know their position in space and sense free space or other agents of type A or L. When an agent A becomes a satellite of an agent L, then the former behaves as a blind follower by receiving the new direction of the latter through communication. Communication is established between an agent L and all its satellites. In addition, these multi-agent systems are highly dynamic in structure. The configuration of the system (overall system state), is implied by the number of agents that are present at any given time as well as the way these agents interact. Evolution of the system may imply that some new agents come into play, others cease to exist, some change roles, while the communication channels between agents are re-configured over time.In the previous example, a new type of agent L is born when two agents A collide and disappear from the system. The same

124

P. Kefalas, I. Stamatopoulou, and M. Gheorghe

Fig. 1. Six system instances showing the agents’ behaviour

happens when an agent A enters the virtual cycle of a complete assembly. Finally, new communication channels are configured when agents becomes satellites.

3

Formal Methods for Multi-agent Systems

In an attempt to formally model each individual agent as well as the dynamic behaviour of the overall system, we need a formal method that is capable of rigorously describing all the essential attributes, i.e. change, behaviour, communication and dynamics. It is also important that the level of abstraction imposed by a formal method is appropriate enough to lead towards the implementation of a system. The most widely used formal methods are accompanied by toolkits, which make their adoption wider by researchers and industry. A plethora of formal methods are available to use. Some of them have the means to efficiently define the data structures of a system and the operations employed to modify the values in these structures (Z, VDM). Some others describe well the control over a system’s states (FSM, Petri Nets). Also, there are formal methods that put emphasis on the concurrency and communication of processes (CCS, CSP). Finally, new computation approaches as well as programming paradigms inspired by biological processes in living cells, introduce concurrency as well as neatly tackle the dynamic structure of multi-component systems (P Systems, Brane Calculus, Gamma, Cham, MGS) [3, 4, 5]. In agent-oriented software engineering, there have been several attempts to use formal methods, each one focusing on different aspects of agent systems development, in order to: move to the implementation through refinement of the specification and to be able to develop proof theories for the architecture [6], capture the dynamics of an agent system [7], focus on the specification of

A Formal Modelling Framework for Developing Multi-agent Systems

125

the dynamics of the reasoning and acting behaviour of multi-agent systems [8], etc. Other attempts were made in order to verify properties of agent models, based on model checking, or to focus on program generation of reactive systems through a formal transformation process [9, 10]. Wider approaches formally specify multi-agent systems and then directly execute the specification while verifying important temporal properties [11]. Finally, less formal approaches, which accommodate the distinctive requirements of agents, have been proposed [12]. An interesting comparison of various formal methods for the verification of emergent behaviours in swarm-based systems is reported in [13]. X-machines are a formal method that was firstly introduced by Eilenberg [14] but was later considered suitable as a specification language [15]. A particular class of X-machines, the stream X-machines, was found to be well-suited for modelling of reactive systems. Since then valuable findings using the X-machines as a formal notation for specification, modelling, communication, verification and testing purposes have been reported [16, 17, 18]. The X-machine (XM) models possess characteristics that make them useful for specifying software systems. XM models consist of a number of states, just as a Finite State Machine (FSM) does. But in contrast to FSM, an XM model has a memory, which accommodates mathematically defined data structures, pretty much as Z does. The transitions between states are labelled by functions. The functions are not applied only to inputs but also to memory values and produce outputs and new memory values. The XM models consume a stream of inputs and produce a stream of outputs, through a number of computation steps (a computation step being the application of one function). An XM with no initial state and memory is called an X-machine type. Types can be used to create instances of XM that can all be part of a larger system. XM instances are able to communicate between them. A number of approaches have been proposed for asynchronous and synchronous communication [16]. In principle, a function of a machine can produce an output, which can be directed to an input stream of another machine.

4

Dynamic Communicating X-Machine Systems

Definition 1. The 8-tuple XM = (Σ , Γ , Q, M, Φ, F, q0 , m0 ) defines a stream X-machine [18] where: – – – –

Σ and Γ are the input and output alphabets respectively; Q is the finite set of states; M is the (possibly) infinite set called memory; Φ is a set of partial functions ϕ that map an input and a memory state to an output and a possibly different memory state, ϕ : Σ × M → Γ × M ; – F is the next state partial function, F : Q × Φ → Q, which given a state and a function from the type Φ determines the next state. F is often described as a state transition diagram; – q0 and m0 are the initial state and initial memory respectively.

126

P. Kefalas, I. Stamatopoulou, and M. Gheorghe

For the modelling of systems where more than one agents need to co-exist, the XM model needed to be extended by new features, such as hierarchical decomposition and communication. A Communicating X-machine (CXM) model consists of several XM that are able to exchange messages. This involves modelling the participating agents and defining the rules of their communication. Definition 2. A Dynamic Communicating X-machine System Z is defined as Z = ((Ci )i=1,...,n , CR, R, GC) where: – Ci is the i-th CXM component i.e. an XM whose functions ϕ ∈ Φ are able to either receive input from other communicating components or send outputs to be received as input by other components’ functions or both; – CR is a relation defining the communication among the components, CR ⊆ C × C and C = {C1 , . . . , Cn }. A tuple (Ci , Ck ) ∈ CR denotes that the CXM component Ci can output a message to a corresponding input stream of CXM component Ck for any i, k ∈ {1, . . . , n}, i = k; – R is the set of rules that refer to the configuration of the system, i.e. they define how the operators that will be affecting the structure of the communicating system are to be applied; – GC is the set of definitions of all components that exist or may be added to the system. These definitions act as genetic codes for the system, i.e. GC is the set of XM types. Definition 3. The state SZ of a Communicating X-machine System is defined as SZ : P(S) where S is a set of 3-tuples S = {(qc , mc , ϕc )i | ∀Ci , 1 ≤ i ≤ n, qc ∈ Qi , mi ∈ Mi , ϕc ∈ Φi } (qc is the state in which Ci is in, mc is the memory value of Ci and ϕc is the last function that has been applied in Ci ) such that each tuple represents the current computation state that an XM is in. The rules that drive the evolution of the system structure are generally of the form condition → action whereby, if the condition allows, an appropriate action which includes one or more reconfiguration operations is being performed. The reconfiguration operators involved have been inspired by Population P Systems [19], which are by definition capable of changing their structure while evolving. In the descriptive definitions that follow X M is the set of all XM types, C is the set of all CXM components and Z the set of all CXM Systems (the complete definitions may be found in [20]): Definition 4. The Attachment operator ATT : C × C × Z → Z is responsible for establishing communication between two existing CXM components. It takes as arguments two CXM components Ci , Ck and the current CXM System Z (to which they belong) and outputs the system Z  according to which Ci and Ck are able to communicate. Definition 5. The Detachment operator DET : C × Z → Z removes communication channels between an existing CXM component and the set of other existing components with which it currently communicates.

A Formal Modelling Framework for Developing Multi-agent Systems

127

Definition 6. The Generation operator GEN : X M × Z → Z creates and introduces a new CXM component of type XM into the system. Definition 7. The Destruction operator DES : C × Z → Z is used for the removal of an existing CXM component from the system along with all the channels that allow its communication with other components. Because of the memory structure that is inherent to XM models, a temporal logic such as the Computational Tree Logic (CTL) [21], is not by itself adequate for the purposes of model checking. In order to overcome the lack of expressiveness and to avoid the refinement of X-machines, X mCTL , an extension of CTL, has been defined [17], that can handle the processing of the memory structure for the model checking of an X-machine. This is accomplished with the use of two extra memory quantifier operators, besides the temporal operators and the path quantifiers, that quantify memory instances within a single state: mx , meaning “there exists a memory value”, and Mx , meaning “for all memory values”. Additionally, an appropriate algorithm has been devised [17] that can model check systems expressed as X-machines with the properties to be checked expressed in X mCTL .

5

Modelling Agents with X-Machines

The two types of agents, A and L, presented in the example of the introduction can be modelled as X-machines, whose state transition diagrams FA and FL are shown in Fig. 2. QA = {moving f reely, collided, f ollowing L, dead}. The memory of agent A holds its current position, the identifier of the agent L that is being followed (or noL if none is followed) and the threshold distance, under which a bond is made with an agent L so MA = (Z × Z) × (L ∪ {noL}) × R, where L is the set of all possible identifiers of agents of type L. The input set ΣA = (L ∪ A ∪ {space}) × (Z × Z), where A is the set of all possible identifiers of agents of type A. The output set ΓA is a set of messages. Accordingly, for the agent L, QL = {moving f reely}, ΣL = (A ∪ {space})× (Z × Z), and ΓL is a set of messages. The memory ML = (Z × Z) × P(A) × N , where the second memory position holds the set of satellite agents of type A and the third position holds the number of agents A that are needed for a complete assembly. Indicatively, some of the functions in the two Φ sets are: move((space, (x, y)), ((cx, cy), noL, d)) = (movingF reely, ((x, y), noL, d)), if neighbours((x, y), (cx, cy)) f ollow((myL, (x, y)), ((cx, cy), myL, d)) = (f ollowL, ((cx , cy  ), myL, d)), where (cx , cy  ) = calculate coord(d, (x, y), (cx, cy)) meet A((agentA, (cx, cy)), ((cx, cy), myL, d)) = (collidedW ithA, ((cx, cy), noL, d)) move((space, (x, y)), ((cx, cy), setA, maxA)) = (movingF reely, ((x, y), setA, maxA)), if neighbours((x, y), (cx, cy))

128

P. Kefalas, I. Stamatopoulou, and M. Gheorghe

Fig. 2. The two X-machine types used in the example

A joins((agentA, (x, y)), ((cx, cy), setA, maxA)) = (agentAJoins, ((cx, cy), setA ∪ agentA, maxA)), if |setA| < maxA ∧ agentA ∈ / setA The CXM model consists of all agent models that are instantiated with an initial state and an initial memory. So, initially the system of Fig. 1.a is Z = (C, ∅, R, GC) where C = {A1 , A2 , ..., A9 }, R contains the rules of dynamically configuring the system structure and GC contains the two XM types of agents that exist in the system, i.e. A and L. SZ, the overall current system state, may for example look like SZ = {(moving f reely, ((3, 15), noL, 4.5), ε)A1 , ...}. The rules in R for dynamic configuration describe the situations which, if present in the system state SZ, change the configuration of the system. All rules imply application of one or more reconfiguration operators ATT, DET, GEN, and DES. For example, the rule that is applicable when two agents of type A collide is the following: ((moving f reely, ((X, Y ), noL, d), ϕi )Ai ∈ SZ ∨(f ollowing L, ((X, Y ), anL, d), ϕi )Ai ∈ SZ) ∧ ((moving f reely, ((X, Y ), noL, d), ϕj )Aj ∈ SZ ∨ (f ollowing L, ((X, Y ), anL, d), ϕj )Aj ∈ SZ) ∧ Ai = Aj → Z  = GEN(Lk , DES(Aj , DES(Ai , Z))), where k = |C| + 1 Also the rule that creates a satellite agent A of an agent of type L is: (moving f reely, ((X1, Y 1), noL, d), ϕi )Ai ∈ SZ ∧ (moving f reely, ((X2, Y 2), setA, m), ϕk )Lk ∈ SZ ∧ d ≤ distance((X1, Y 1), (X2, Y 2)) → Z  = ATT(Ai , Lk , Z) Figure 3 shows a formation consisting of one agent instance of type L (L10 ) and two agents instances of type A (A1 and A2 ). While moving, L10 sends its new coordinates to A1 and A2 which use them as inputs to follow L10 . The

A Formal Modelling Framework for Developing Multi-agent Systems

129

Fig. 3. Communication between an agent A with its two satellite agents. A solid circle denotes the acceptance of input from another component whereas the solid diamond the direction of output to another component

corresponding function of L10 is transformed so that the its output is transformed into the format that is understandable by the f ollow function of the A agents. Finally, X mCTL may be used to verify properties of the individual models. In this example, we may need to verify that “under no circumstances will an agent of type L have more than the maximum allowed number of satellites”. The temporal logic formula that expresses this property is AGMx (|M (2)| ≤ M (3)) where A is the path quantifier “for all paths” and G is the temporal logic operator “for all states” respectively, and the syntax M (n) refers to the n-th element of the memory structure, in this case the set of satellite agents (M (2)) and the maximum allowed number of satellites (M (3)). Currently, further work is being done towards the verification of CXM Systems’ properties that would allow us to answer questions such as, for example, “does the system always reach a state when all the agents of type A are extinct?”, i.e. it would allow us to model check for certain properties featured by the entire collection that the components constitute.

6

Discussion

X-machines can be thought to apply in similar cases where StateCharts and other similar notations, such as SDL, do. In principle, XM are considered a generalization of models written in similar formalisms since concepts devised and findings proven for XM form a solid theoretical framework, which can be adapted to other, more tool-oriented methods. XM have other significant advantages. Firstly, XM provide a mathematical modelling formalism for a system. Consequently, a model checking method for X-machines is devised that facilitates the verification of safety properties of a model. The X mCTL language apart from the usual CTL operators, includes operators that deal with memory values (properties) of the machines [17]. Though up to know, only individual XM models may be verified, ongoing research is being conducted towards finding ways for model checking CXM Systems. This would facilitate the verification of properties that a collection of individuals exhibits as a whole. In addition, XM offer a strategy to test the implementation against the model, which is a generalization of W-method for FSM testing. The testing

130

P. Kefalas, I. Stamatopoulou, and M. Gheorghe

strategy generates all test cases for a given model and therefore it is guaranteed to determine correctness if certain assumptions in the implementation hold [18]. A modelling language, called XMDL, is devised, which is a tagged language with appropriate syntax and semantics in order to develop XM models and CXM systems. The process of doing this is incremental, without loss of any description developed at an earlier stage. That is, if the aim is to develop a communicating system, the individual types of models are build first, they are validated and tested, and then the instances of those types as well as their communication interface are added on top later on. This is a disciplined approach that leads towards a specific methodology of developing XM models, and resembles existing bottom-up methodologies used to develop multi-agent systems [22]. Finally, a number of tools around XMDL have also been developed [23], with most prominent the one that compiles XMDL to Prolog and animates the model through a sequence of inputs. This was proven particularly useful to understand the computation of models and informally validate whether the right model for a particular system was developed.

7

Conclusions

We have presented an extension of communicating X-machines that is able to facilitate formal modelling of multi-agent systems through the use of rules that invoke operators that change the system structure and behaviour. We are currently working on implementing those features on top of existing tools and develop alternative hybrid formal models, inspired by membrane computing. We have also been experimenting with the compilation of a particular class of XM to NetLogo [24], which will give a clearer picture of the animation in terms of a two-dimensional movement and interaction of simple agents.

References [1] Kefalas, P., Holcombe, M., Eleftherakis, G., Gheorge, M.: A formal method for the development of agent-based systems. In Plekhanova, V., ed.: Intelligent Agent Software Engineering. Idea Publishing Group Co. (2003) 68–98 [2] Holcombe, M.: Computational models of cells and tissues: Machines, agents and fungal infection. Briefings in Bioinformatics 2 (2001) 271–278 [3] P˘ aun, G.: Computing with membranes. Journal of Computer and System Sciences 61 (2000) 108–143 Also circulated as a TUCS report since 1998. [4] Banatre, J., Le Metayer, D.: The gamma model and its discipline of programming. Science of Computer Programming 15 (1990) 55–77 [5] Berry, G., Boudol, G.: The chemical abstract machine. Journal of Theoretical Computer Science 96 (1992) 217–248 [6] d’Inverno, M., Kinny, D., Luck, M., Wooldridge, M.: A formal specification of dMARS. In Singh, M.P., Rao, A., Wooldridge, M.J., eds.: Intelligent Agents IV. Volume 1365 of Lecture Notes in AI. Springer-Verlag (1998) 155–176 [7] Rosenschein, S.R., Kaebling, L.P.: A situated view of representation and control. Artificial Intelligence 73 (1995) 149–173

A Formal Modelling Framework for Developing Multi-agent Systems

131

[8] Brazier, F., Dunin-Keplicz, B., Jennings, N., Treur, J.: Formal specification of multiagent systems: a real-world case. In: Proceedings of International Conference on Multi-Agent Systems (ICMAS’95), MIT Press (1995) 25–32 [9] Benerecetti, M., Giunchiglia, F., Serafini, L.: A model-checking algorithm for multi-agent systems. In Muller, J.P., Singh, M.P., Rao, A.S., eds.: Intelligent Agents V. Lecture Notes in Artificial Intelligence. Springer-Verlag (1999) 163–176 [10] Attoui, A., Hasbani, A.: Reactive systems developing by formal specification transformations. In: Proceedings of the 8th International Workshop on Database and Expert Systems Applications (DEXA 97). (1997) 339 – 344 [11] Fisher, M., Wooldridge, M.: On the formal specification and verification of multiagent systems. Intern. Journal of Cooperating Information Systems 6 (1997) 37–65 [12] Odell, J., Parunak, H.V.D., Bauer, B.: Extending UML for agents. In: Proceedings of the Agent-Oriented Information Systems Workshop at the 17th National conference on Artificial Intelligence. (2000) 3–17 [13] Rouf, C., Vanderbilt, A., Truszkowski, W., Rash, J., Hinchey, M.: Verification of NASA emergent systems. In: Proceedings of the 9th IEEE International Conference on Engineering Complex Computer Systems (ICECCS’04). (2004) 231–238 [14] Eilenberg, S.: Automata, Languages and Machines. Academic Press (1974) [15] Holcombe, M.: X-machines as a basis for dynamic system configuration. Software Engineering Journal 3 (1988) 69–76 [16] Kefalas, P., Eleftherakis, G., Kehris, E.: Communicating X-machines: A practical approach for formal and modular specification of large systems. Journal of Information and Software Technology 45 (2003) 269–280 [17] Eleftherakis, G.: Formal Verification of X-machine Models: Towards Formal Development of Computer-based Systems. PhD thesis, Department of Computer Science, University of Sheffield (2003) [18] Holcombe, M., Ipate, F.: Correct Systems: Building a Business Process Solution. Springer-Verlag, London (1998) [19] Bernandini, F., Gheorghe, M.: Population P Systems. Journal of Universal Computer Science 10 (2004) 509–539 [20] Kefalas, P., Eleftherakis, G., Holcombe, M., Stamatopoulou, I.: Formal modelling of the dynamic behaviour of biology-inspired agent-based systems. In Gheorghe, M., ed.: Molecular Computational Models: Unconventional Approaches. Idea Publishing Inc. (2005) 243–276 [21] Emerson, E.A., Clarke, E.M.: Characterising correctness properties of parallel programs as fixpoints. In: Proceedings of the 7th International Colloquiurn on Automata, Languages and Programming. Volume 85 of Lecture Notes in Computer Science. Springer-Verlag, New York (1981) 169–181 [22] Collinot, A., Drogul, A., Benhamou, P.: Agent oriented design of a soccer robot team. In: Proceedings of the 2nd Intern. Conf. on Multi-Agent Systems. (1996) 41–47 [23] Kefalas, P., Eleftherakis, G., Sotiriadou, A.: Developing tools for formal methods. In: Proceedings of the 9th Panhellenic Conference in Informatics. (2003) 625–639 [24] Wilensky, U.: Netlogo. http://ccl.northwestern.edu/netlogo. Center for Connected Learning and Computer-based Modeling. Northwestern University, Evanston, IL. (1999)