Supporting Assumption-Based Reasoning in a Distributed ... - CiteSeerX

Supporting Assumption-Based Reasoning in a Distributed Environment Clemens Beckstein, Robert Fuhge

University of Erlangen, IMMD-8 (Computer Science, AI Department) Am Weichselgarten 9, D-8520 Erlangen, Germany Email: fclemens,[email protected]

Gerhard Kraetzschmar

Bavarian Research Center for Knowledge Based Systems (FORWISS) Am Weichselgarten 7, D-8520 Erlangen, Germany Email: [email protected]

Abstract

Within the pede project we investigate the generation and execution of plans in distributed environments. As our approach is based on multi-agent systems with some or all agents performing assumption-based reasoning, we ran into the distributed belief revision problem. In order to build planning and executing agents that are able to safely perform their tasks in a highly dynamic environment, a mechanism to support the revision of decisions is required. Reason maintenance techniques are a standard approach to solve this problem, but currently available technology for the distributed case has proven inadequate for the pede domain. The new architecture presented in this paper { darms { is a true extension of deKleer's atms to multi-agent scenarios and provides exible support for revisable reasoning in distributed environments.

1 Decision making in PEDE domains The pede1 project studies techniques to improve the ecient generation and fail-safe execution of plans in distributed, highly dynamic environments. In a pede domain, we typically have several planning agents (planners) and a potentially large number of executing agents (executers), for instance humans, machines, robots, and autonomous transport devices. The decisions made by planners as well as the actions performed by the executers depend on the planners' knowledge of the world state at planning time (e.g. delivery dates for parts) and on information communicated by other agents (e.g. availability of machines, tools, or parts at a speci c place at a particular time). Furthermore, many planners must make assumptions about future states of the world in order to make planning decisions. If the world state changes in an unexpected way, or an informationproviding agent revises its information, or assumptions made at planning time do not hold at execution time, plans will not be safely executable and the executers will run into failure. To ensure safe execution of plans, planners need to revise their decisions as soon as changes to the underlying planning decisions become known and to propagate the eects to other agents. Without taking special measures, an agent updating information and revising its decisions does not know whether the changes aect any other agents, what other agents are aected and how 1

pede = Planning and Execution in Distributed Environments

1

they are aected. It must maintain internal data structures for computing the eects of local decision revisions on other agents. These data structures are used to represent what information has been received from or sent to what other agents, what the status of the information was, and how it was used in making local decisions. Thus, the distributed decision revision task places a major burden on agents by complicating their internal control structures and increasing the communication load, especially if such changes occur frequently. A general mechanism for decision revision is desirable, which could be used for building agents performing some kind of revisable reasoning. This mechanism would render decision revision a mostly subconscious task to the agent and therefore free the agent from most of its responsibilities during the revision process. Reason maintenance systems2 (rmss, see [10], [4], [3]) are the standard technique for supporting decision revision and have been successfully applied to planning in the single agent case (see cf. [1], [8]). In this paper, we propose an extension of reason maintenance techniques in order to solve the decision revision problem for the multi-agent case. We show, that existing distributed reason maintenance systems (such as dtms[7] and datms[9]) exhibit major shortcomings when applied to the pede domain, and identify some essential features required for a system suitable for the multiagent case. We then present darms, a general tool to support revisable reasoning in distributed environments. It has been designed to avoid the shortcomings of the systems already known and to provide the functionality required for the pede domain.

2 Using reason maintenance techniques for decision revision

Basic idea The basic idea of using reason maintenance techniques for decision revision is very simple. A reasoning system (e.g. a planner) is structured into two interacting components: a problem solver (ps), which does the actual reasoning (planning), and a reason maintenance system (rms), which frees the problem solver from low-level reasoning activities. The typical functionality of an rms includes recording important problem solver data (beliefs, often referred to as facts), performing simple inference steps for the problem solver, alerting the problem solver in exceptional situations (inconsistent sets of assumptions), and producing explanations for derived information. The rms can do this only if the problem solver informs it about relevant data together with the underlying assumptions and justi cations (dependencies). Relevant data include data (beliefs) derived by the ps using certain assumptions as well as observations that certain combinations of assumptions are incompatible (corresponding sets of assumptions are called NOGOODs). RMS terminology An rms uses nodes to explicitly represent problem solver data (propositions,

assumptions). Nodes are linked by justi cations, which represent how nodes depend on other nodes. The structure of nodes and justi cations is called a dependency net. A set of distinguished nodes, called assumption nodes, which are not justi ed by other nodes, represents assumptions made by the problem solver. Inconsistent sets of assumptions (NOGOODs) are either stored in tables or via distinguished nodes (NOGOOD nodes), which represent data the ps does not want to ever become believed. The rms is obliged to alert the ps in case belief in a NOGOOD node is entailed by the current rms data. The most important question a problem solver can ask its rms is, whether a given proposition holds wrt. a given set of assumptions (whether it is derivable from this set of assumptions and the justi cations known to the rms). In order to answer, the rms must compute `, the derivability relation induced by the justi cations, which can require substantial computational eort. In order 2

Also referred to as tmss, which stands for Truth Maintenance Systems

2

to do this eciently, the rms labels nodes according to their belief state and uses the labels to incrementally compute the belief state of other nodes. Therefore, deciding derivability usually requires only a look-up of the label for the node representing the proposition. If changes are made to the dependency net, the rms updates the labels by propagating the eects of the changes through the net. The propagation algorithm also ensures that the dependency net it maintains never becomes inconsistent (no NOGOOD node must be believed). The transitive closure of ` on a set of assumptions is called a context. An rms can be classi ed according to the number of contexts that it can simultaneously maintain. Justi cation-based rmss (jtms-type systems, [4]) can maintain only one context at a time { a node is labeled IN if it is currently believed (holds) or OUT if not. Assumption-based rmss (atms-type systems, [3]) allow for reasoning in multiple contexts simultaneously. An atms can maintain multiple contexts in parallel, because for a given node n it does not just record whether the node is currently believed or not, but all the currently known preconditions sucient for the belief in n. These preconditions are stored in compact form in the label lab(n). A label is a set of so called environments. Each environment represents a minimal set of assumptions that must be made in order for the node to hold. Thus, an atms node holds in a given context, if the context is consistent (none of the known NOGOODs is a subset of the context) and some environment in its label is a subset of the assumption set representing the context. The label propagation algorithm of the atms also ensures that the label of a node never contains an environment that is a superset of a NOGOOD.

3 Decision revision in multi-agent systems A system performing assumption-based reasoning should exhibit a two-level architecture consisting of problem solver and rms (Figure 1:b) rather than a monolithic system architecture (Figure 1:a). Using an rms has obvious advantages for building complex reasoning systems such as planners: there is a clean functional interface between problem solver and rms, the rms takes a signi cant work load from the problem solver, and allows for simpler control structures on the problem solver side by preventing it from becoming clobbered with lots of low-level details. Furthermore, there exist ecient implementations of both jtms-type and atms-type rmss. A multi-agent system3 is structured into some number of more or less autonomous agents. Some of them may work on their own problems, while others collaborate to solve a common problem. The agents communicate with each other in order to make use of other agents' knowledge of information or problem solving capabilities (Figure 1:c).

The distributed belief revision problem: Now let us assume that some agents need to make

assumptions, derive data based on such assumptions, and may later have to revise their reasoning. Through communication, assumptions and beliefs based on assumptions (referred to as revisable information) can be imported from and exported to other agents. These agents may use this information in further decision making, and thus, implicitly introduce dependencies on other agents' belief states. From a global system view, communication of revisable information causes several agents to have local copies of the same piece of information. The two fundamental problems then are to distinguish between local and communicated versions of the same piece of information and to keep all the local copies agents created after receiving some information consistent with the original. We call this problem the distributed belief revision problem. 3

See [2] for an introduction and overview.

3

a

c

PS

PS3

PS1 PS2 Agent X1

Agent

Agent X3 Agent X2

b

d PS3

PS

PS1

RMS

RMS1

PS2

Agent

Agent X1

RMS3 RMS2

Agent X3

Agent X2 e PS3

PS1 PS2

RMS3

RMS1 Agent X1

RMS2

Agent X3

Agent X2

Figure 1: From complex single agents to multiple rms-based agents A simple approach would be to use rms-based agents (Figure 1:d). However, as the usual rmss assume a single-agent scenario, they are not able to communicate with each other and do not provide any functionality to record what information has been sent to or received from which other agents. The ps must maintain additional data structures to hold this kind of information. Furthermore, its control structures must be changed, as for every single change in the rms the ps must compute the eects on the other agents and communicate the changes to them. This necessitates a much more complex ps design, and we lose most of the advantages we gained by giving an rms to each agent. Thus, we must take speci c measures to deal with the distributed belief revision problem. A more promising approach is to extend rms technology to the distributed case (distributed rms) in order to provide support for the multi-agent scenario. For example, one could add functionality that enables the problem solver to ask its own rms about what other agents believe. The rms then requests the appropriate information from the other agent's rms and records the result in its dependency net in a way that allows to locally answer later questions for the same information. In addition, the rms should establish a communication channel between itself and the other agent's 4

rms, that is used to exchange updates on the shared belief (Figure 1:e).

Following this scheme, we now have two levels of communication between agents: low-level communication between the rms modules of the agents and high-level communication between the problem solver parts of the agents. Most of the advantages in the single agent case carry over to multi-agent scenarios: the problem solvers are not burdened with nasty update tasks and can be of a much more simple design.

Distributed belief revision in PEDE domains: To solve the distributed belief revision problem in pede domains, we decided to apply mechanisms based on rms technology. However, as previously shown, rmss designed for single-agent systems need to be extended for multi-agent scenarios. A de nite requirement for an extended, distributed rms is support for the two-level architecture described above ( gure 1:e). The question is, what additional features we expect from a rms for multi-agent systems. The answer is dicult in general; a closer analysis of pede problems revealed some additional requirements for the pede domain:  multiple contexts: Reasoning in multiple contexts is needed. Therefore, jtms-type systems    

seem less attractive than atms-type rmss. ATMS compatibility: The full expressiveness of the atms should be provided. The functional interface should be (upward) compatible with the atms interface. local control: Updates in the distributed rms should be done separately by each agent's own rms module. There should be no necessity for any global update or con ict resolution algorithms, i.e. algorithms that force the whole agent system to stop temporarily and recompute belief states. autonomy of agents: Agents should be able to distinguish between own derivations and information received from other agents, i.e. they can recognize that dependencies involve external information. Also, agents should not be forced to change their beliefs or their context, if they merely handle information provided to or received from others (belief autonomy ).

exibility and extendability: The distributed rms should impose few restrictions and limitations on a multi-agent environment and yet provide basic, powerful functionality that supports the implementation of higher-level protocols for inter-agent communication.

4 Review of existing technology for distributed RMS Several systems supporting distributed reason maintenance have been described in literature:

dtms[7], brtms[6] and datms[9]. A review of their major features and capabilities revealed that none of them was well suited for the pede domain.

DTMS and BRTMS: Both the dtms and the brtms are distributed extensions of the jtms[4].

Therefore, each agent's rms can maintain only one context at a time. If information represented by rms-nodes is communicated, they are tagged as so-called shared nodes. Agents can have only one node for some piece of information p, and thus, cannot distinguish between what some other agent believes and what they themselve believe about p. Local-and-shared consistency is strived for on the global system level, meaning that each agent's rms must keep its dependency net locally consistent and all shared nodes representing a particular proposition p must have the same 5

belief state in all agents that communicated about p. Thus, shared nodes link the dependency nets of communicating agents together, as shared nodes are treated as if they were identical. A global label update algorithm ensures local-and-shared consistency by propagating label updates of shared nodes to all other agents4. Local-and-shared consistency means, that all agents that share (communicate about) some piece of information must agree on its belief state, i.e. these agents share a common partial context consisting of all the propositions they communicated about. The more agents communicate, the bigger the shared part will be. In the worst case this will end up in all agents sharing one huge shared context. Another problem arises, if agents disagree on the belief state of shared nodes. A global relabelling process, which is controlled by more or less blind backtracking, must resolve this con ict. This is not only extremely expensive, but also subject to serious termination problems. As con ict resolution caused by some other agent's reasoning may change the belief state of a shared node, further updates may be necessary in order to maintain local consistency. Thus, an agent's beliefs could be changed without the ps getting notice of it. The agent cannot even prevent this eectively. Neither the dtms nor the brtms can be considered well-suited for the pede domain as they do not support multiple contexts, have a notion of non-local control in their label propagation and con ict resolution algorithms, and compromise on the autonomy of agents by establishing a level of global consistency that is too strong for the pede domain.

DATMS: The datms[9] is claimed to be a distributed version of deKleer's atms. Indeed, the datms provides data structures for representing facts, assumptions, and justi cations. This data can be interpreted as a dependency net. The datms architecture assumes the existence of a

rule engine, which performs both problem solver reasoning steps as well as reason maintenance tasks. Thus, the datms does not help very much in maintaining such a clear-cut separation between problem solver and reason maintenance (both in terms of control as well as the underlying knowledge) as we were arguing for previously. Problem solver inference steps are performed by applying inference rules. The execution of an inference rule creates a new node representing the newly derived fact, establishes a justi cation for the new node corresponding to the inference rule, and once and for all computes a single set of assumptions as the node's label. The latter is possible, because facts are restricted to have one justi cation only. Therefore, no real reason maintenance in the common sense (updating labels of nodes in a dependency net) is performed. However, restricting nodes to have at most one justi cation makes reasoning in multiple contexts virtually impossible, at least for practical matters5. After each application of an inference rule, a set of TMS rules and a set of communication rules are applied to the dependency net. The antecedents of TMS rules are used to detect inconsistent situations. The consequent action CONTRADICT allows to declare a set of assumptions as inconsistent and to propagate this information to other agents as well. There is no built-in functionality to handle inconsistency, and relying on the TMS rule mechanism it is dicult and completely up to the user to implement a reasonable notion of inconsistency. Communicating revisable information is done by communication rules. An action is provided which eectively transmits a datms node to another agent, together with its corresponding assumption set. The receiving agent creates 4 The DTMS achieves this by rst nding a consistent labelling of all shared nodes and then completing local relabelling. 5 It is not totally impossible, but for each additional justi cation an additional node is required to represent some fact p. Also, all justi cations p is involved in need to be duplicated, creating additional nodes for all facts that depend on p, and so on. For example, given the justi cations A ) p, B ) p, C ) q, D ) q, and p; q ) r, the DATMS needs two nodes each for p and q and four nodes for r!

6

a new node in its own datms, thus keeping its own belief about some proposition apart from communicated beliefs. However, it is completely up to the ps to nd out that a local node and a node representing a communicated fact actually do represent the same proposition. Another restriction is that only facts that do not depend on communicated information may be sent to other agents. Agents may use communicated facts in their own reasoning process and derive new information, but this information can never be communicated to other agents. To summarize the arguments above, the datms can neither be considered to be upward compatible with the atms nor does it eectively support multiple contexts (much to our own surprise). The use of various kinds of rules and the dependence on an external rule engine, which is not described in [9], does not allow a clear statement about how control is distributed among the agents' datms modules. But that was not a positive argument for the datms either. Some features are only vaguely described in the paper and it seems unlikely, that the system could be easily and well adapted to the problems at hand in the pede domain.

5 DARMS: a new architecture for assumption-based reasoning in distributed environments As illustrated in the previous section, there exist only few distributed versions of rmss and none of them provides the functionality required by our application domain, e.g. eective support for managing multiple contexts. Therefore, we developed a distributed, assumption-based reason maintenance system, called darms, which has the basic machinery necessary for the pede domain and is exible enough to allow for easy implementation of higher-level inter-agent protocols.

A note on representation language: An important assumption underlying our approach is

that all agents basically use the same representation language (syntax and semantics) for beliefs (assumptions, propositions, justi cations). If communication is supposed to make sense, i.e. if agents are supposed to be able to correctly interpret and use information received from other agents, this assumption simply makes sense6 . Furthermore, we require all agents to agree on a common notion of normal form for propositions, i.e. they all map a (potentially large) number of logically equivalent propositions into the same syntactic form. These restrictions ensure that communicating agents know what they are talking about, and that they have a common \understanding" of the propositions they exchange.

5.1 Key ideas

Before describing architecture and functionality of darms in detail, we brie y introduce the key ideas for darms:

 two-level architecture support: The darms approach assumes that agents are structured

into a problem solving (ps) component and a darms module (see gure 1:e). Once a belief has been communicated initiated by ps$ps interaction, all further communication necessary to update belief states should be handled by darms$darms communication.  remote belief query capability: In order to maximize the amount of inter-agent communication that can be handled on the darms module level, the ps$darms interface is extended 6

Other approaches to distributed reason maintenance have more or less neglected this issue.

7

    

by a remote belief query capability, i.e. an agent's ps asks its associated darms module, if it wants to nd out what some other agent believes about some proposition. context management: As a darms module is supposed to answer queries (like \Does your ps currently believe p?") from other darms modules that involve the ps's current context (focus), the functionality of darms modules include a context management facility. The ps$darms interface has been extended to include functions for managing the focus. communicated nodes: darms modules use a new node type { communicated nodes { to represent other agents' beliefs, i.e. beliefs are kept separate and are not automatically merged into the the agent's own belief structures. update contract: An update contract is established between a darms module providing information (the belief state of a proposition) and the darms module receiving information. It ensures that the communicated node created by the receiving darms module will be updated whenever a change to the original node occurs. directed communication: Communication is asymmetric, i.e. a mutual exchange of belief states is not performed automatically. Receiving a proposition from another DARMS module does not require the recipient to send information on that proposition the other way around. sharing inconsistency: As all agents use the same representation language, there also is a common notion of inconsistency . Whenever agents detect inconsistent situations, the darms modules exchange the corresponding NOGOODs, if they believe the NOGOODs to be relevant to each other. NOGOODs relevant to an agent involve one or more assumptions occuring in labels of nodes communicated to that agent. Also, NOGOODs which make an environment of a communicated node inconsistent must be communicated to the sender of that node.

5.2 Architecture of DARMS modules

Each darms module is structured into three sub-modules  dependency net management,  context management and  communication and control. For the following discussion, we introduce two agents Xi and Xj . Also, we assume Xi and Xj each have declared a proposition p to be relevant, that Xi believes p if the assumptions A and B hold, and that Xj has asked its darms module whether Xi believes p.7

dependency net management: The dependency net module is very similar to that of an atms.

A new node type { communicated nodes { is used to locally represent communicated information. A communicated node also stores the agent it was received from, e.g. Xi :p. Communicated nodes may be used in the antecedent of justi cations, but not in the consequent. The darms module also ensures, that any unknown assumptions contained in the label of a communicated node will be locally represented8 . There is no mechanism to automatically link a communicated node Xi:p 7 8

For convenience, we will often write Xi or Xj when we actually mean their darms modules. However, the local system is not forced to include any of these new assumptions in its focus.

8

with the node p representing the agent's own belief about the proposition at hand. Higher level protocols can easily provide such functionality in order to implement shared belief (see below) or various mechanisms for trust, for example. The data structure for darms nodes has been extended to include receivers, a represention of the set of agents the node has been communicated to (fXj g in node p of Xi's darms module). This set serves to nd out, which agents are to be informed in case of label updates to the node. At present, we assume that communicated information is not passed on to other agents, i.e. an agent does provide other agents only with locally derived information9 . Thus, receivers of communicated nodes will usually be empty.

context management: The context management facility manages the agent's own current con-

text focusX and two tables of assumption sets. The rst is a reduced context table , which is indexed by agents. For each agent that Xi has received information from, the darms module maintains an entry in the table that represents the other agent's reduced focus, written as contX (Xj ). Simply speaking, the reduced focus contains only those assumptions in focusX , which occur at least once in a label of any communicated node Xi received from Xj . By using the reduced focus of Xj , Xi can determine for any communicated node received from Xj by local label lookup, whether Xj currently believes the data represented by the node or not. This is possible because whenever Xj modi es its focus, it determines whether any other agents, e.g. Xi , are aected and sends a message to update the reduced focus. In order to provide this capability, darms modules must keep track of the set of assumptions relevant to some other agent, which are exactly those assumptions that occur in nodes that have been communicated to this agent. We denote this set of communicated assumptions by comm-assX (Xi). In the example above, agent Xi needs to know that assumptions A and B are relevant to agent Xj . This information is stored in a communicated assumptions table , which is indexed by agents. i

i

j

j

communication and control: Finally, the communication and control unit coordinates depen-

dency net management module and context management facility, provides the necessary functional interface (adding data to the net, changing the focus, etc.) to the problem solver, and handles all communication with other darms modules. It also provides translation of propositions to normal form, which is used whenever propositions must be passed back to the problem solver or to other darms modules.

5.3 Functional interface and DARMS behavior

darms extends traditional atms functionality mainly in two ways: it provides functions to manage the focus and functions with an additional agent parameter. The former allows us { as darms maintains the agent's focus { to provide query functions without an assumption set parameter; they can be viewed as traditional atms queries with the focus as default assumption set. The latter provides remote belief query capability, because the problem solver can ask its own darms about other agents beliefs and the darms module handles all necessary communication. The functionality of the problem solver interface of darms is speci ed in [5] and cannot be fully described here. To illustrate the behavior of darms modules we describe

9 Note, however, that in contrast to the datms, we allow any locally derived information to be communicated, even if it depends on communicated information. Also, passing on communicated nodes is not strictly forbidden; it simply does not make much sense.

9

 how a remote belief query is handled and  how inconsistency is dealt with.

remote belief query: Let us suppose the above example involving darms modules Xi and Xj

and their associated problem solver psX and psX , but without p already being communicated. Suppose psX asks Xj , whether psX currently believes p. Xj checks its dependency net, nding out that it does not have a communicated node Xi :p yet. It sends a sp-request message10 to Xi . Without interrupting psX , Xi looks up it's node representing p, adds Xj to receivers of node p, retrieves the label of p, and sends it via a sp message to Xj . Furthermore, Xi checks it's communicated assumptions table, nding no entry comm-assX (Xj ) for Xj yet. Thus, a new entry is created, which is a list representing the union of all environments in p's label. Finally, it produces a reduced focus by intersecting comm-assX (Xj ) with its own current context, focusX ,and sends it to Xj using a update-context message. On receiving the sp message from Xi , Xj creates a communicated node Xi :p using the label provided in the message. It also checks all the assumptions in the label received and creates any new assumptions it has not seen before. On receiving the update-context message, it adds an entry to the reduced context table. This entry is used to locally determine the result of the problem solver's query whether Xi currently believes p by checking whether some environment in the label is a subset of the reduced context. In Xi has been established all information necessary to provide Xj with update information if local changes occur: If the node is relabelled, it can look up the node's set of receivers and send all of them an update-sp message. Also, it needs to update the communicated assumptions entries for all agents in receivers, if relabelling causes any new assumptions to occur in the node. If the problem solver changes its focus, the entries in the communicated assumptions table are used to nd out, which agents must be informed via an update-context message. In Xj a local representation for psX 's belief state of p and for the relevant part of psX 's focus have been established. i

j

j

i

i

i

i

i

i

i

inconsistency: The previous discussion is in fact not quite complete as it neglects how inconsistent situations (NOGOODs) are dealt with. If an agent detects a NOGOOD that is inconsistent with an environment in the label of a communicated node Xj :p, then this NOGOOD must be communicated to Xj . As discussed previously, NOGOODs relevant for another agent are also communicated to that agent. A NOGOOD of agent Xi is relevant for an agent Xj if it involves one or more assumptions occuring in the label of any node communicated from Xi to Xj . Xi can eciently nd the NOGOODs ng-comm X (Xj ) relevant for Xj by intersecting each known NOGOOD with comm-ass(Xj ). Any NOGOOD resulting in a non-empty intersection is relevant and must be communicated to Xj . To summarize: an agent Xi communicates a NOGOOD to Xj in the following situations:  After communication from Xi to Xj , agent Xi recomputes the vector of communicated assumptions comm-ass X (Xj ). This may give rise to new NOGOODs relevant for Xj .  Whenever Xi updates the label of a node communicated to Xj , it must check for new NOGOODs relevant for Xj .  If Xi detects a NOGOOD in the label of a communicated node Xj :p, then this is a NOGOOD relevant for Xj .  Whenever Xi locally derives a new NOGOOD, it checks whether it is relevant for another agent or occurs in the label of any communicated node. i

i

10

sp = sucient preconditions

10

 Agents also check the reduced context table for NOGOODs, because a NOGOOD could be in a

reduced focus, but not occur in any communicated label. In contrast to the usual approach of striving for various degrees of shared consistency, the above measures impose a strict notion of inconsistency. Although agents may arbitrarily disagree otherwise (how propositions are justi ed, what assumptions to make) they may not do so when it comes to inconsistent information. If an agent actually derives a set of assumptions to be inconsistent, basically all others have to accept the corresponding NOGOOD.

5.4 Formal speci cation of DARMS

This section provides a formal speci cation for darms, which consists of two de nitions. The rst one formally speci es the functionality by de ning the derivability relation for a communicating, assumption-based reasoner. This derivability relation is very similar to the derivability relation for a simple assumption-based reasoner (see deKleer[3]), but accounts for communication by introducing modal operators. The second de nition speci es a set of integrity constraints, which the data structures used by darms must meet in order to correctly implement the derivability relation.

derivability in communicating agents: The basic question an assumption-based reasoner is

supposed to answer is whether a given proposition holds wrt. a given context represented by a set of assumptions (also called environment). In order to produce an answer, the reasoner must compute a derivability relation `. In a simple, non-communicating, assumption-based reasoner as assumed e.g. in deKleer's atms, the derivability relation is de ned as follows:

De nition 5.1 (single-agent derivability relation `) Let P be the set of propositions in some language L and X be an agent with a set of justi cations J UST of the form (x1 ; : : :; xk ) y ) with y 2 P and xr 2 P for 1  r  k. X can derive a proposition p from a set of assumptions U (characterizing a context), written J UST ` U ?! p, if there is a sequence of sets S1 ; : : :; Sm such that S1 = U , Sl+1 = Sl [ fy j 9 (x1; : : :; xk ) y) 2 J UST ^ (8 r)[1  r  k ^ xr 2 Sl]g and p 2 Sm . In the distributed case, we must take account for communication. We do this by introducing a modal operator Xj for each agent. Thus, Xj :p is used to represent agent Xj 's belief of p (communicated belief ). Justi cations may refer to communicated beliefs in their antecedents, but not in their consequent. The derivability relation of a communicating, assumption-based reasoner Xi, written `X , is given by the following de nition. i

De nition 5.2 (multi-agent derivability relation `X ) Let P be the set of propositions in some language L. Let X := fXi j 1  i  ng be a set of n agents, each of which is characterized by a tuple hCOMMX ; J UST X i, where COMMX is a set of communicated beliefs Xj :p with Xj 2 X ; j = 6 i and p 2 P , and J UST X is a set of local justi cations of the form (x1; : : :; xk ) y) with y 2 P and [xr 2 P _ xr 2 COMMX ] for 1  r  k. An agent Xi with local justi cations J UST X and communicated beliefs COMMX can locally i

i

i

i

i

i

i

derive a proposition p from a set of assumptions U , written

11

i

(COMMX ; J UST X ) `X U ?! p, if there is a sequence of sets S1 ; : : :; Sm such that S1 = U [ fXt:q j Xt:q 2 COMMX ^ ((COMMX ; J UST X ) `X U ?! q)g Sl+1 = Sl [ fy j 9(x1; : : :; xk ) y) 2 J UST X ^ (8 r)[1  r  k ^ xr 2 Sl]g i

i

i

t

i

p 2 Sm

t

t

i

Hence, a proposition p holds wrt. a given context, if it is derivable from this context, the currently known local justi cations and those propositions known from other agents that these agents are able to derive from the given context. The above de nition also speci es the condition for an agent Xi to derive a communicated belief Xj :p, which is stated more explicit in the following remark.

Remark 5.1 (derivability of a communicated belief) An agent Xi can derive a communicated belief Xj :p, written

(COMMX ; J UST X ) `X U ?! Xj :p i agent Xj can derive p, i.e. (COMMX ; J UST X ) `X U ?! p i

i

j

j

i

j

Computing the derivability relation every time a query is posed requires substantial computational eort and a full- edged theorem prover that must construct a proof tree. In the distributed case, substantial communication overhead is involved and a simple query can invoke proof procedures in several reasoners. An (atms-type) rms can do this much more eciently by maintaining a dependency net and performing label propagation; it can answer the query by simply checking subset relationships (if any environment in the node's label is a subset of the context, the answer to the query is positive). For the labels used in the atms, deKleer has speci ed four integrity constraints that guarantee well-formedness of labels. darms uses equivalent constraints by extending them to communicated nodes. Furthermore, darms must ensure certain inter-agent constraints between the darms modules, which is achieved by another four integrity constraints. In the following de nition, let the sets P ; X ; COMMX ; J UST X be just as in de nition 5.2. i

i

De nition 5.3 (DARMS integrity constraints) Let A  P be all the assumptions known to any agent in X . Also, for Xi , let labX (p) be the label of the node representing p (consisting of a set of environments U  A), nogoodsX be Xi's nogood table, and focusX be its current context. i

i

i

Furthermore, for any two agents Xi and Xj , let sp-commX (Xj ) be the set of propositions that Xi transmitted to Xj , comm-assX (Xj ) be the set of relevant assumptions that Xi transmitted to Xj , ng-commX (Xj ) be the set of relevant NOGOODs that Xi transmitted to Xj and contX (Xj ) be Xi's reduced focus of Xj . Then, the following integrity constraints must hold for a set of darms modules: i

i

i

i

1. consistency: 8U 2 labX (p); 8N 2 nogoodsX : N 6 U i

i

2. soundness:

8U 2 labX (p) : (COMMX ; JUST X ) `X U ! p i

i

i

i

3. completeness: 8U  A : [(8N 2 nogoodsX : N 6 U ) ^ ((COMMX ; JUST X ) `X U ! p)] ?! 9U 0 2 labX (p) : U 0  U i

i

i

i

12

i

4. minimality:

8U1; U2 2 labX (p) : U1  U2 ?! U1 = U2 i

5. correctness of communicated node labels: 8p 2 sp-commX (Xj ) : labX (p) = labX (Xi:p) i

i

j

6. exchange of relevant context information: 8A 2 comm-assX (Xj ) : (A 2 focusX ! A 2 contX (Xi)) i

i

j

7. correctness of communicated contexts: 8N 2 nogoodsX : N 6 focusX ^ N 6 contX (Xj ) 8. exchange of relevant NOGOODs : 8N 2 ng-commX (Xj ) : (9N 0 2 nogoodsX ^ N 0  N ) i

i

i

i

j

Consistency ensures, that no environment in the label is inconsistent. Soundness ensures, that a node can be derived from every environment in its label. Completeness ensures that for any context, which allows to derive a node, there is an environment representing this context in the node's label. Minimality ensures that the environments of a node label do not contain assumptions that could be left out and still allow to derive the node from the environment. Strictly speaking, minimality is not a necessary requirement, but it is useful for eciency reasons. The correctness of communicated labels ensures that the label of a communicated node is always the same as the label of the original node. Exchange of relevant context information ensures that an agent receiving information always knows the relevant part of the sending agent's focus. All assumptions occurring in any environment of any label communicated from the sending to the receiving agent are relevant. Correctness of communicated contexts ensures, that the discovery of inconsistencies in a communicated context is propagated to the agent which owns this context. The focus of the own problem solver is also checked for NOGOODs to prevent the ps from reasoning in an inconsistent focus. Finally, exchange of relevant NOGOODs ensures, that all NOGOODs relevant for another agent are communicated to this agent. If the darms data structures as described in the previous sections meet these eight integrity constraints, the subset test in darms eectively computes the derivability relation for a communicating, assumption-based reasoner `X . The formal speci cation of darms allows us to conclude the following propositions: i

Proposition 5.1 (ATMS expressiveness) darms has at least the expressive power of an atms. Proof 5.1 The proof is trivial: Assume a single darms-based agent Xi that does not communicate at all, i.e. COMMX = . The rst four integrity constraints are equivalent to deKleer's i

constraints for atms labels. Thus, darms is at least as restrictive as the atms. The other four constraints are trivially met, as the sets of communicated propositions, communicated assumptions, communicated contexts and reduced focus are all empty. Hence, darms is no more restrictive than the atms. Thus, any darms is at least atms-expressive.2

Often, agents want to merge beliefs received from other agents. A simple way to (unconditionally) believe p whenever some agent Xj believes p is to create a justi cation from node Xj :p to node p. In this case, we can conclude the following proposition:

Proposition 5.2 (belief merge) If an agent Xi has a communicated node Xj :p and adds the justi cation Xj :p ) p, then it will believe p at least in all contexts, in which agent Xj believes p. 13

Proof 5.2 8p 2 sp-commX (Xi) : U 2 labX (p) =) (9U 0 2 labX (p) ^ U 0  U ) 2 j

j

i

We can now state the following proposition about cycles in communication of propositions.

Proposition 5.3 (cyclic communication) Let p be a proposition and hXii0in?1 with n  2 be a sequence of agents such that for all 0  i  n ? 1: Xi mod n has communicated p to X(i+1) mod n and X(i+1) mod n has recorded a justi cation Xi mod n :p ) p, i.e. there is cyclic communication wrt. p, then all these agents completely agree on p: for all 0  i; j  n ? 1: labX (p) = labX (p) i

j

Proof 5.3 The proof is by induction on the length n for sequences of agents. Since X0 and X1 are merging their communicated beliefs, we have for n = 2: 8U 2 labX0 (p) : (9U 0 2 labX1 (p) ^ U 0  U ) and 8U 0 2 labX1 (p) : (9U 2 labX0 (p) ^ U  U 0 ). Therefore labX0 (p) = labX1 (p). Hence, cyclic communication of a proposition p in darms is essentially the same as establishing a shared node for p in the dtms.

6 Conclusions

Summary: We identi ed the distributed decision revision problem. This problem exists in dis-

tributed environments when agents communicate revisable information and make decisions based on such information. Many DAI applications exhibit exactly these characteristics. Reason maintenance techniques are a standard technique to support decision revision. Using common rmss for single agents provides no acceptable solution for the distributed belief revision problem, as their lack of support for communicating revisions compromises on the two-level architecture and imposes severe control problems for the problem solver components. A few systems designed for the distributed case have been reviewed, but none of them provides true support for multiple context reasoners. Hence, there was a need for developing a new system that avoids the shortcomings identi ed in the existing approaches.

Contributions: We proposed darms as a solution to the distributed belief revision problem for

multiple-context reasoners. Key issues in the design were support for a two-level architecture in distributed environments, comprising of a problem solver level and a darms module level, the capability to maintain multiple contexts, atms expressiveness, local control and belief autonomy. Key ideas in darms architecture are the communicated node concept, that is used to separate communicated from local beliefs, adding context management, which allows to implement the remote belief query capability, and the notion of shared inconsistency. The architecure of darms was described and the functional interface and behavior of darms was illustrated by an example of a remote belief query and the handling of inconsistency. A formal speci cation of darms was given. We could also show, that darms is a true extension of the atms, and that it can implement the shared node functionality as de ned in the dtms.

Implementation and Application: An implementation of darms is under construction. The algorithm for distributed label propagation has been worked out and shown to satisfy constraints 1-8. It is a straightforward extension of deKleer's algorithm for propagating label dierences in single dependency nets. Details can be found in [5]. Applications of darms in the pede and other projects are planned and depend on the implementation becoming available. A serious evaluation of both eectiveness and eciency of darms is 14

planned using pede-lab[11], an environment for performing tests and experiments with distributed applications within a well-de ned simulative environment, that supports inter-agent communication and allows for the simulation of various environmental conditions.

Future work: Future work on darms includes adding CHOOSEs, allowing for the retraction of

justi cations and garbage collection, and providing support for the representation of temporal data as used e.g. in plan representations.

References [1] Beetz, M.; Lindner, M.; Schneeberger, J.: Temporal Projection for Hierarchical, Partial-Order Planning. In: Tenth National Conference on Arti cial Intelligence, Workshop on Implementing Temporal Reasoning, July 1992. [2] Bond, A.; Gasser, L.: Readings in Distributed Arti cial Intelligence. Morgan Kaufmann, 1988. [3] deKleer, J.: 1. An Assumption-based TMS, 2. Extending the ATMS, 3. Problem-Solving with the ATMS. AI-Journal, 28:127{224, 1986. [4] Doyle, J.: A Truth Maintenance System. AI-Journal, 12:231{272, 1979. [5] Fuhge, R.: Verteilte Begrundungsverwaltung. Studienarbeit, Universitat Erlangen-Nurnberg, 1993. [6] Horstmann, T. C.: Distributed Truth Maintenance. Technical Report D-91-11, Deutsches Forschungszentrum fur Kunstliche Intelligenz GmbH, Kaiserslautern, 1991. [7] Huhns, M. N.; Bridgeland, D. M.: Distributed Truth Maintenance. In Dean, S. M., editor: Cooperating Knowledge Based Systems, pages 133{147. Springer Verlag, 1990. [8] Lindner, M.: ATMS-basierte Plangenerierung. Diplomarbeit, Intellektik/Informatik, Technische Hochschule Darmstadt, 1992. [9] Mason, C. L.; Johnson, R. R.: DATMS: A Framework for Distributed Assumption Based Reasoning. In Huhns, M. N.; Gasser, L., editors: Distributed AI Volume II, pages 293{317. Pitman Publishers London, 1989. [10] McDermott, D.: A general framework for reason maintenance. AI Journal, 50(3):289{329, 1991. [11] Reinema, R.: PEDE-lab Aufbau und Entwicklung einer Experimentierumgebung fur MultiAgenten-Systeme. Diplomarbeit, IMMD VIII, Universitat Erlangen, 1993.

15