operas: a framework for the formal modelling of multi-agent systems and its application to...
TRANSCRIPT
OPERAS: a Framework for the Formal
Modelling of Multi-Agent Systems and its
Application to Swarm-based Systems
Ioanna Stamatopoulou1, Petros Kefalas2 and Marian Gheorghe3
1 South-East European Research Centre, Thessaloniki, [email protected]
2 Department of Computer Science, CITY College, Thessaloniki, [email protected]
3 Department of Computer Science, University of Sheffield, [email protected]
Abstract. Swarm-based systems are a class of multi-agent systems(MAS) of particular interest because they exhibit emergent behaviourthrough self-organisation. They are biology-inspired but find themselvesapplicable to a wide range of domains, with some of them characterisedas mission critical. It is therefore implied that the use of a formal frame-work and methods would facilitate modelling of a MAS in such a waythat the final product is fully tested and safety properties are verified.In this paper, we present OPERAS, an open framework that facilitatesformal modelling of MAS. We describe how a particular instance of thisframework, namely OPERASXC , could employ existing formal methodsand integrate the most prominent characteristics of finite state machinesand biological computation systems, such as X-machines and P Systemsrespectively. We demonstrate how the resulting method can be used toformally model a swarm-based system of autonomous spacecrafts anddiscuss the flexibility and advantages of this approach.
1 Introduction
Despite the counter arguments which justifiably raise concerns about formalmethods, there is still a strong belief by the academic community that the de-velopment of mission critical systems demands the use of such methods for mod-elling, verification and testing. Opposition puts forward a significant drawback;the more complex a system is, the more difficult the modelling process turnsout to be and, in consequence, the less easy it is to ensure correctness at themodelling and implementation level. Correctness implies that all desired safetyproperties are verified at the end of the modelling phase and that an appropriatetesting technique is applied to prove that the implementation has been built inaccordance to the verified model.
Multi-agent systems (MAS) are complex software systems by default. Es-pecially when the agent society grows, interaction and communication increasewithin a complex structure which involves variety of knowledge, abilities, roles
and tasks. Nature seems to have found ways to deal with complex structures quiteeffectively. Consider, for example, biological systems from the smallest living el-ements, the cells, and how they form tissues in organisms to entire ecosystemsand how they evolve [1]. There is growing interest in investigating ways of speci-fying such systems. The intention is to create software that mimics the behaviourof their biological counterparts. Examples of biological systems of interest alsoinclude swarm-based systems, such as social insect colonies.
The promising feature is that these systems can be directly mapped to MASby considering each entity as an agent, with its own behavioural rules, knowledge,decision making mechanisms and means of communication with the other entitiesand with the environment. The overall system’s behaviour is merely the result ofthe agents’ individual actions, the interactions among them and between themand the environment. This also points to the issue of self-organisation and howcollective behavioural patterns emerge as a consequence of individuals’ localinteractions in the lack of knowledge of the entire environment or global control.
An additional modelling key aspect of swarm-based systems which has notreceived much attention and is not in essence dealt with by formal modellingtechniques is their dynamic nature and how their structure is constantly mu-tated. By structure we imply: (a) the changing number of agents, and (b) eithertheir physical placement in the environment (e.g spatial computing) or, moregenerally, the structure that is dictated by the communication channels amongthem.
Most modelling methodologies assume a fixed, static structure that is notrealistic (e.g. cellular and communicating automata), since communication be-tween two agents may need to be established or ceased at any point and also newagents may appear in the system while existing ones may be removed. One ad-ditional issue that the inherent dynamic nature of these systems raises has to dowith distinguishing between the modelling of the individual agents (behaviour)and the rules that govern the change in the structure of the collective MAS(structure mutation). This distinction, which would greatly assist the modellerby breaking down the work into two separate and independent activities, may beachieved by considering that each agent is wrapped by a separate mechanism: astructural mutator. Extending an agent with a kind of a wrapper is not a novelidea in MAS engineering though it has been primarily used for communicationpurposes and not in the context of formal specification. In this case, we referto a structural mutator as the independent part of the agent that is responsiblefor checking an agent’s internal computation state and its local environment inorder to determine whether a structural change in the system has to take place,might that be the addition/removal of communication channels or other agents.
The next section introduces OPERAS formal definition as a framework formodelling MAS, while Section 3 presents an instance of this framework, namelyOPERASXC which utilises existing formal methods in order to model MAS.A brief description of a representative case study dealing with a swarm-basedsystem follows in Section 4 which also deals with the formal model for the case
problem in question. Finally, Section 5 discusses issues arising from our attemptand concludes the paper.
2 OPERAS: Formal Modelling of MAS
2.1 Background and related work
In an attempt to formally model each individual agent as well as the dynamic be-haviour of the overall system, a formal method should be capable of rigorouslydescribing all the essential aspects, i.e. knowledge, behaviour, communicationand dynamics. There is a number of trade-offs on the use of formal methodsfor MAS. To name a few: (a) the level of abstraction should be appropriateenough to lead toward the implementation of a MAS but also be appropriateenough to mathematically express specifications that can lead to formal verifi-cation and complete testing, (b) there should be accompanying toolkits whichmake their adoption wider by researchers and industry but at the same timethe tools provided should not deviate from the theoretical framework, (c) theyought to provide means to efficiently define complex knowledge but also be ableto describe control over individual agent as well as MAS states, (d) the need tobe able to easily model individual agents but also to focus on the concurrencyand communication among them, etc.
A plethora of formal methods is available for use (Z, VDM, FSM, Petri-Nets, CCS, CSP), with none of them alone satisfying all the above mentionedcriteria. Other formal methods, such as π-calculus, mobile ambients and P Sys-tems with mobile membranes [2–4], successfully deal with the dynamic natureof systems and concurrency of processes but lack intuitiveness when it comesto the modelling of an individual agent (lack of primitives and more complexdata structures). Lately, new computation approaches as well as programmingparadigms inspired by biological processes in living cells, introduce concurrencyas well as neatly tackle the dynamic structure of multi-component systems (PSystems, Brane Calculus, Gamma, Cham, MGS) [5–7]. An interesting compar-ison of various formal methods for the verification of emergent behaviours inswarm-based systems is reported in [8].
In agent-oriented software engineering, several approaches using formal meth-ods have been proposed, each one focusing on different aspects of MAS develop-ment. Efforts have been directed toward moving to the implementation of a MASthrough refinement of the specification and developing proof theories for the ar-chitecture [9], capturing the dynamics of an agent system [10], putting emphasison capturing and controlling the system dynamics and acting behaviour of MAS[11], etc. Other approaches formally specify MAS and then directly execute thespecification while verifying important temporal properties [12] or guide througha prototyping process [13]. Less formal approaches, which accommodate the dis-tinctive requirements of agents, have been proposed [14]. Additionally, there isa set of general principles for capturing the organisational structure of MAS[15] which are however linked more to implementation [16] rather than formalmodelling.
2.2 OPERAS Definition
We start this section by providing the definition of a model for a MAS in itsgeneral form, as it is perceived from a formal modelling perspective. A Multi-Agent System can be defined by the tuple (O, P, E, R, A, S) containing:
– a set of reconfiguration rules, O, that define how the system structure evolvesby applying appropriate reconfiguration operators;
– a set of percepts, P , for the agents;– the environment’s model / initial configuration, E;– a relation, R, that defines the existing communication channels;– a set of participating agents, A, and– a set of definitions of types of agents, S, that may be present in the system.
More particularly:
– the rules in O are of the form condition ⇒ action where condition refersto the computational state of agents and action involves the application ofone or more of the operators that create / remove a communication channelbetween agents or introduce / remove an agent into / from the system;
– P is the distributed union of the sets of percepts of all participating agents;– R : A × A with (Ai, Aj) ∈ R, Ai, Aj ∈ A meaning that agent Ai may send
messages to agent Aj ;– A = {A1, . . . An} where Ai is a particular agent defined in terms of its
individual behaviour and its local mechanism for structure mutation;– Sk = (Behaviourk, StructureMutatork) ∈ S, k ∈ Types where Types is
the set of identifiers of the types of agents, Behaviourk is the part of theagent that deals with its individual behaviour and StructureMutatork isthe local mechanism for structure reconfiguration; each participating agentAi of type k in A is a particular instance of a type of agent: Ai = (Behk,
StrMutk)i.
The definition is general enough not to restrict any organisational structurethat might be considered for the implementation of a MAS.
2.3 OPERAS as an open framework
The general underlying idea is that an agent model consists of two parts, its be-haviour and its structural mutator. The behaviour of an agent can be modelledby a formal method with its computation being driven by percepts from the en-vironment. The structural mutator can be modelled by a set of reconfigurationrules which given the computation states of agents can change the structure ofthe system. The MAS structure is determined through the relation that definesthe communication between the agents. The set of participating agents are in-stances of agent types that may participate in the system. This deals with thefact that an agent may be present at one instance of the system but disappearat another or that a new agent comes into play during the evolution of the MAS.
This assumes that all agent types that may participate in the system should beknown in advance.
There are still some open issues which, however, make the OPERAS ap-proach a framework rather than a formal method. These are: (i) Which formalmethod may we use in order to model the agents’ behaviour? (ii) Which formalmethod may we use in order to model the structural mutator? (iii) Could themethods in (i) and (ii) be different? (iv) Should the behaviour models of theagents communicate directly or indirectly (implicitly, through percepts from theenvironment) with other agents’ behaviour models? (v) Should the structure mu-tation models of the agents communicate with other agents’ structure mutationmodels? (vi) Which method chosen from (i) or from (ii) drives the computa-tion of the resulting system? There is no unique answer to these questions butthe modelling solution will depend on the choice of formal methods which areconsidered suitable to model either behaviour or structure mutation.
It is therefore implied that there are several options which could instantiateOPERAS into concrete modelling methods. Regarding the modelling of eachtype of agent Sk, there are more than one options to choose from in order tospecify its behavioural part and the same applies for its structure mutationmechanism. We have long experimented with two formal methods, each one ap-propriate for the behaviour and structure mutation respectively. These methodsare X-machines with its communicating counterpart and Population P Systems(PPS) with active cells. Ad hoc integration of these two methods [17–19] gave ussome preliminary results which led us to the current combined approach we takefor OPERAS. It is interesting to notice that none of the two formal methodsby itself could successfully (or at least intuitively) model a MAS [17, 18]. This isalso true, although with better results, if we use only PPSs under the OPERASframework (OPERASCC) [20]. The problem still exists for other formal meth-ods too, which means the current framework gives the opportunity to combinethose methods that may be best suited to either of the two modelling tasks. Inthe following, we present an instance of OPERAS, named OPERASXC , thatuses CXMs and features from PPSs.
3 OPERASXC
3.1 Modelling behaviour
X-machines (XM), a state-based formal method introduced by Eilenberg [21], areconsidered suitable for the formal specification of a system’s components. StreamX-machines, in particular, were found to be well-suited for the modelling ofreactive systems. Since then, valuable findings using the X-machines as a formalnotation for specification, communication, verification and testing purposes havebeen reported [22–24]. An X-machine model consists of a number of states andalso has a memory, which accommodates mathematically defined data structures.The transitions between states are labelled by functions. More formally, a streamX-machine is defined as the 8-tuple (Σ ,Γ , Q, M,Φ, F, q0, m0) where:
– Σ and Γ are the input and output alphabets respectively;– Q is the finite set of states;– M is the (possibly) infinite set called memory;– Φ is a set of partial functions ϕ that map an input and a memory state to
an output and a possibly different memory state, ϕ : Σ × M → Γ × M ;– F is the next state partial function, F : Q×Φ → Q, which given a state and
a function from the type Φ determines the next state. F is often describedas a state transition diagram;
– q0 and m0 are the initial state and initial memory respectively.
X-machines can be thought to apply in similar cases where StateCharts andother similar notations do. In principle, X-machines are considered a generalisa-tion of models written in such formalisms.
In addition to having stand-alone X-Machine models, communication is fea-sible by redirecting the output of one machine’s function to become input toa function of another machine. The structure of a Communicating X-machinessystem is defined as the graph whose nodes are the components (CXM) andedges are the communication channels among them (Fig. 1). A formal definitionof CXMs can be found in [18].
Fig. 1. An abstract system consisting of two CXM components. Communication isestablished by redirecting the output of a function (� symbol) to another machine’sfunction which takes it as input (• symbol).
CXMs provide a straightforward way for dealing with an agent’s behaviour,however, the structure of a communicating system must be known beforehandand fixed throughout the computation.
3.2 Modelling structure mutation
A Population P System (PPS) [25] is a collection of different types of cells evolv-ing according to specific rules and capable of exchanging biological / chemicalsubstances with their neighbouring cells (Fig. 2). More formally, a PPS is definedas a construct P = (V, K, γ, α, wE , C
p1, C
p2, . . . , Cp
n, R) where:
– V is a finite alphabet of symbols called objects;
– K is a finite alphabet of symbols, which define different types of cells;
– γ = ({1, 2, . . . n}, A), with A ⊆ {{i, j} | 1 ≤ i 6= j ≤ n }, is a finite undirectedgraph;
– α is a finite set of bond-making rules;
– wE ∈ V ∗ is a finite multi-set of objects initially assigned to the environment;
– Cpi = (wi, ti), for each 1 ≤ i ≤ n, with wi ∈ V ∗ a finite multi-set of objects,
and ti ∈ K the type of cell i;
– R is a finite set of rules dealing with object transformation, object commu-nication, cell differentiation, cell division and cell death.
Transformation rules replace an object within a cell. Communication rulesallow the exchange of objects between neighbouring cells, or a cell and the envi-ronment, according to the cell type and the existing bonds among the cells. Celldifferentiation rules change a cell, transforming it into a cell of a new type. Celldivision rules divide a cell into two cells. Cell death rules cause the removal of acell from the system.
At each computation cycle, all rules regarding the transformation and com-munication of objects that may be applied in a cell are applied. Addition-ally, one out of the applicable cell differentiation, division or death rules, non-deterministically chosen, is also applied in each cell. When computation in allcells has finished, the graph is decomposed and restructured according to thespecified bond-making rules in α that define the conditions under which two cellsare able to communicate.
Fig. 2. An abstract example of a Population P System; Ci: cells, Ri: sets of rulesrelated to cells; wi: multi-sets of objects associated to the cells.
PPS provide a straightforward way for dealing with the change of a system’sstructure, however, the rules specifying the behaviour of the individual cells(agents) are more commonly of the simple form of rewrite rules which are notsufficient for describing the behaviour of the respective agent.
3.3 Definition of OPERASXC
We may now move on to a more formal OPERASXC definition that usesboth a CXM (indicator subscript X) and PPS-cell-inspired construct (indica-tor subscript C) for specifying each of the agents. An abstract example of anOPERASXC model consisting of two agents is depicted in Fig. 3.
Fig. 3. An abstract example of a OPERASXC consisting of two agents.
For the following, we consider that the computation state of a CXM describ-ing the behaviour of an agent is a 3-tuple Q × M × Φ that represents the statethe XM is in (qi), its current memory (mi) and the last function that has beenapplied (ϕi).
A MAS in OPERASXC is defined as the tuple (O, P, E, R, A, S) where:
– the rules in O are of the form condition ⇒ action where condition is aconjunction of (q, m, ϕ) and action involves the application of one or more ofthe operators attachment ATT and detachment DET, which reconfigure thecommunication channels among existing CXMs and generation GEN anddestruction DES, which generate or destroy an agent in/from the system.Additional communication rules also exist, as in PPS, so that there is indirectcommunication (through the environment) between the structural mutators(cells);
– P = PB ∪ PSM is the set of percepts of all participating agents, wherePB = Σ1 ∪ . . . ∪ Σt is the set of inputs perceived by the XM model of thebehaviour (subscript B) and PSM = (Q1×M1×Φ1)∪ . . .∪ (Q1×Mt×Φt) isthe set of objects (alphabet) of the PPS mechanism that captures structuremutation (subscript SM), t being the number of types of agents;
– E = {(q, m, ϕ)i|1 ≤ i ≤ n, q ∈ Qi, m ∈ Mi, ϕ ∈ Φi} holding informationabout the initial computation states of all the participating agents;
– R : CXM × CXM (CXM : the set of CXMs that model agent behaviour);– A = {A1, . . . , An} where Ai = (CXMk, Ck)i is a particular agent of type k
defined in terms of its individual behaviour (CXMk) and its local structuralmutator cell for controlling reconfiguration (Ck). The structural mutator cell
is of the form Ck = (wi, ok) where wi is the multi-set of objects it containsand ok ⊂ O is the set of rules that correspond to the particular type of agent,k;
– S = {(XTk, Ck)|∀k ∈ Type}, where XTk is an XM type (no initial state andmemory).
The above mentioned operators attachment ATT and detachment DET
have the same effect as the bond-making rules of a PPS, while the operatorsgeneration GEN and destruction DES, have the same effect as cell division ancell death of a PPS respectively. Formal definitions of these operators can befound in [26].
In this model, each structural mutator cell implicitly knows the computa-tion state (q, m, ϕ) of the underlying XM that models behaviour. Environmentalinput is directed straight to the agent’s behavioural part. In each computationcycle an input triggers a function of the behaviour CXM and the updated infor-mation about the agent’s current computation state is updated in the structuralmutator cell. A copy of the object is placed in the environment for other agentsin the local environment to have access to it. Objects from the environmentrepresenting the computation states of neighbouring agents are imported and fi-nally, all the reconfiguration rules in O of the type of the particular cell are beingchecked and if necessary applied. Since the model follows the computation rulesof a CXM system (triggered by the behaviour component’s input, asynchronouslyfor the different participating agents), computation of the behaviour-driven ver-sion of OPERASXC is asynchronous. In another version of OPERASXC , thecomputation is cell-driven, and therefore synchronous. A detailed and more for-mal analysis of the two versions, however, falls outside the scope of this paper.In addition, as said previously, other instances of OPERAS using these twomethods, such as OPERASCC , OPERASXX and OPERASCX are possiblebut rather cumbersome.
4 OPERASXC for a Swarm-based system
4.1 Autonomous Spacecrafts for Asteroid Exploration
A representative example of a system which clearly possesses all the afore-mentioned characteristics of a dynamic MAS is the NASA Autonomous Nano-Technology Swarm (ANTS) system [8]. The NASA ANTS project aims at thedevelopment of a mission for the exploration of space asteroids with the use ofdifferent kinds of unmanned spacecrafts. Though each spacecraft can be consid-ered as an autonomous agent, the successful exploration of an asteroid dependson the overall behaviour of the entire mission, as the latter emerges as a resultof self-organisation. We chose this case study because correctness of the systemhas been identified as a primary requirement. Relevant work on the particularproject included research on and comparison of a number of formal methods[8, 27], including CXMs.
The ANTS mission uses of three kinds of unmanned spacecrafts: leaders, L,(or rulers or coordinators), workers, W , and messengers, M (Fig. 4). The leadersare the spacecrafts that are aware of the goals of the mission and have a non-complete model of the environment. Their role is to coordinate the actions ofthe spacecrafts that are under their command but by no means should they beconsidered to be a central controlling mechanism as all spacecrafts’ behaviouris autonomous. Depending on its goals, a leader creates a team consisting of anumber of workers and at least one messengers. Workers and messengers areassigned to a leader upon request by (i) another leader, if they are not necessaryfor the fulfilment of its goals, or (ii) earth (if existing spacecrafts are not sufficientin number to cover current needs, new spacecrafts are allocated to the mission).
Fig. 4. An instance of the ANTS mission, L: Leader, W :Worker, M :Messenger.
A worker is a spacecraft with a specialised instrument able, upon requestfrom its leader, to take measurements from an asteroid while flying by it. It alsopossesses a mechanism for analysing the gathered data and sending the analysisresults back to its leader in order for them to be evaluated. This in turn mightupdate the view of the leader, i.e. its model of the environment, as well as itsfuture goals.
The messengers, finally, are the spacecrafts that coordinate communicationamong workers, leaders and the control centre on earth. While each messengeris under the command of one leader, it may also assist in the communication ofother leaders if its positioning allows it and conditions demand it.
What applies to all types of spacecrafts is that in the case that there isa malfunctioning problem, their superiors are being notified. If the damage isirreparable they need to abort the mission while on the opposite case they may“heal” and return back to normal operation.
4.2 Leader: Formal Modelling of Behaviour in OPERASXC
The leader agent L can be modelled as an XM, whose state transition diagramFL is depicted in Fig. 5. QL = {Processing, Malfunctioning, Aborting} is theset of states a leader may be in. Its memory contains information about itscurrent status (i.e. position and operational status), the IDs and statuses ofthe messengers and workers under its command, the analysis results up to thispoint, its current model of the surroundings as well as its goals: ML : Status ×P(M × Status) × P(W × Status) × AnalysisResults × Model × Goals whereStatus : (Z × Z × Z) × {QL} (Z being the set of positive integers, the 3-tupledenoting a position), P stands for power-set, M is the set of messengers, W isthe set of workers and so forth.
Fig. 5. State transition diagram of the Leader X-machine.
The input set for the leader XM is ΣL = {abrt, problem, remedy} ∪ (W ×Status)∪(W×Measurements)∪({request, requestFromEarth, requestedFor}× Instrument), where abrt, problem, remedy, request, requestedFor are con-stants and Instrument is the set of containing the different types of installedinstruments of the workers. The output set ΓL is a set of informative messages.
Indicatively, some of the functions in the ΦL set (functions are of the form:function(input, memory tuple) = (output, memory tuple′)) are:
acceptRequestForWorker ((requestedFor, instr), ( , , workers, , , )) =(′reassigned worker′, ( , , workers′, , , ))if (wi, ( , , instr)) ∈ workers
and isWorkerNeeded(wi) == false
where workers′ = workers\(wi, ( , , instr))
receiveWorker(wi, ( , , workers, , , )) =(′received worker′, ( , , workers ∪ (wi), , , ))
As mentioned above, modelling with XMs facilitates formal verification andtesting. XmCTL can verify models expressed as XMs against the requirements,
since it can prove that certain properties are true, which are implicitly definedover the memory of the XM [23]. For example, there exist a path in which aleader will accomplish all its goals and in all previous states the leader wasemploying at least one worker:
E[Mx(memL(3) 6= ∅) U Mx(memL(6) = ∅)]where mem(i) indicates the i-th variable in the memory tuple. In case the modelis used as a design for a possible implementation, it is also possible under certainwell defined conditions, to produce a test set that guarantees to determine thecorrectness of the implementation [24].
4.3 Worker: Formal Modelling of Behaviour in OPERASXC
The state transition diagram of the worker XM is depicted in Fig. 6. The in-ternal states in which a worker may be are QW = {Measuring, Analysing,
Malfunctioning, Aborting} and its memory holds information about its currentstatus (i.e. position, operational status and installed instrument), the identityand status of its commanding leader, the messengers which assist its commu-nication, the target asteroid, the data received from the measurements and theresults of the data analysis: MW : Status × (L × Status) × P(M × Status) ×T arget ×Measurements×AnalysisResults.
The input set is ΣW = {measure, analyse, send, abrt, problem, remedy} ∪(L × Status), where abrt, problem, remedy, measure, analyse and send areconstants. The output set ΓW is a set of informative messages.
Fig. 6. State transition diagram of the Worker X-machine.
Indicatively, some of the functions in the ΦW set are:
produceResults(analyse, ( , , , , meas, analysisResults)) =(′analysed′, ( , , , , ∅, analysisResults′)),where analysisResults′ = analysisMechanism(meas) :: analysisResults
sendResults(send, ( , , , , , res :: analysisResults)) =(′sent results′, ( , , , , , analysisResults))
leaveCurrentLeader((newLeader, st), ( , (leader, st0), , , , )) =(′been reassigned′, ( , newLeader, , , , ))
The model of the messenger agent is similarly created.
4.4 Formal Modelling of Structure Mutation in OPERASXC
According to OPERASXC , for the definition of the given system as a dynamicMAS, we need to assume an initial configuration. To keep the size restricted fordemonstrative purposes, let us consider an initial configuration that includes oneleader L1, one messenger M1 and two workers W1, W2.
The set O contains the following reconfiguration rules regarding: (a) genera-tion of a new worker when the control centre on earth decides it should join themission, (b) the destruction (i.e. removal from the system) of any kind of agentin the case it must abort the mission, (c) the establishment of a communicationchannel between a leader and a newly assigned to it worker, and (d) the removalof a communication channel between a leader and a worker when the latter isbeing reassigned to a new leader.
More particularly O contains the following rules:
If there is a need for an additional worker and earth can allocate one than anew agent appear in system ANTS:
( , , requestWorkerFromEarth)Li∧ earthHasAvailableWorkers() == true
⇒ GEN(Wi, q0i, m0i
, ANTS)L
If an agent aborts the mission then the agent is removed from system ANTS:
(aborting, , )∗this⇒ DES(∗this, ANTS)∗
If a worker agent looses its contact with its leader then the communicationchannels between the two agents are broken:
( , ( , , Li, , , , ), leaveCurrentLeader)Wi
⇒ DET(Wi, Li,DET(Li, Wi, ANTS))W
If a worker agent is assigned with a new leader then a new communicationchannel is established:
( , ( , , newLeader, , , , ), joinNewLeader)Wi
⇒ ATT(Wi, newLeader, ANTS)W
If a leader agent is assigned with a new worker (either from another leaderor from earth) then a new communication channel is established:
( , ( , , newWorker :: workers, , , ), receiveWorker)Li
⇒ ATT(Li, newWorker, ANTS)L
( , ( , , newWorker :: workers, , , ), receiveWorkerFromEarth)Li
⇒ ATT(Li, newWorker, ANTS)L
where * stands for any type of agent.The set of percepts of all agents is:
P = ΣL∪ΣW ∪ΣM ∪ (QL×ML×ΦL)∪ (QW ×MW ×ΦW )∪ (QM ×MM ×ΦM ).Because all reconfiguration rules per type of agent rely only on conditions de-pendent on the computation state of the agent itself (and not other agents),
the model needs not to communicate computation states among the differentagents and there are, therefore, no additional communication rules. A directconsequence of this is that there is no need for the environment to play the roleof communication mediator between the participating entities and as such noneed for it to hold any computation state objects: E = ∅.
Since in the assumed initial configuration we consider to have one group ofspacecrafts under the command of one leader, all agents should be in communi-cation with all others and so:R = {(L1, W1), (L1, W2), (L1, M1), (M1, L1), (M1, W1), (M1, W2), (W1, L1),(W1, M1), (W2, L1), (W2, M1)}
The set that contains all the agent instances becomes: A = {L1, W1, W2, M1)}where L1 = (CXML1
, CL1), Wi = (CXMWi
, CWi), 1 ≤ i ≤ 2 and M1 =
(CXMM1, CM1
).Finally, the set S that contains the “genetic codes” for all agent types is:
S = {(XTL, CL), (XTW , CW ), (XTM , CM )} where L, W, M are the XMs definedpreviously.
5 Conclusions and Further Work
We presented OPERAS, a framework, with which one can formally model thebehaviour and control over the internal states of an agent as well as formallydescribe the mutations that occur in the structure of a MAS, as separate com-ponents. Driven by a formal methods perspective, we employed CXMs and ideasfrom PPSs to define OPERASXC , a particular instance of the framework. Thesegave us the opportunity to combine the advantages that XMs have in terms ofmodelling the behaviour of an agent with the advantages that PPSs have interms of defining the mutation of the structure of the system. We have exper-imented with modelling of various biological and biology-inspired systems, andin this paper we presented the OPERASXC model of a swarm-based system ofa number of autonomous spacecrafts.
We would like to continue the investigation of how OPERAS could employother formal methods that might be suitable for this purpose. In the near future,we will focus on theoretical aspects of the framework, in order to demonstrate itsusefulness towards developing correct agent societies (i.e. complete testing andverification). Although work on verification and testing has been done with XMs[23, 24], it is important to investigate to what extend this could be inherited in ahybrid system, like OPERASXC . Towards this direction, we are also currentlyworking on various types of transformations that could prove its power for formalmodelling as well as address legacy issues concerned with correctness [28].
Finally, efforts will also be directed towards the integration of existing ani-mation tools on XMs and PPSs in order to come up with a new tool that will beable animate OPERASXC specified models. More particularly, the X-System[29] and the PPS-System [30] are tools that generate Prolog executable codefrom XM and PPS models written in a particular notation, respectively. Theintegration of the necessary features of these two tools into one will allow us
to gain a deeper understanding of the modelling issues involved in engineeringagent societies with OPERASXC and help us investigate the practicability ofour approach.
Acknowledgements
The authors would like to thank the reviewers for their valuable comments as well asthe Hellenic Artificial Intelligence Society for funding our participation to the ESAW2007 workshop.
References
[1] Mamei, M., Menezes, R., Tolksdorf, R., Zambonelli, F.: Case studies for self-organization in computer science. Journal of Systems Arch. 52 (2006) 443–460
[2] Krishna, S.N., Paun, G.: P systems with mobile membranes. Natural Computing:an international journal 4 (2005) 255–274
[3] Cardelli, L., Gordon, A.D.: Mobile ambients. In Nivat, M., ed.: Proceedings ofthe 1st Intern. Conference on Foundations of Software Science and ComputationStructures. Number 1378 in Lecture Notes In Computer Science. Springer (1998)140–155
[4] Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, i. Informationand Computation 100 (1992) 1–40
[5] Paun, G.: Computing with membranes. Journal of Computer and System Sciences61 (2000) 108–143 Also circulated as a TUCS report since 1998.
[6] Banatre, J., Le Metayer, D.: The gamma model and its discipline of programming.Science of Computer Programming 15 (1990) 55–77
[7] Berry, G., Boudol, G.: The chemical abstract machine. Journal of TheoreticalComputer Science 96 (1992) 217–248
[8] Rouf, C., Vanderbilt, A., Truszkowski, W., Rash, J., Hinchey, M.: Verification ofNASA emergent systems. In: Proceedings of the 9th IEEE International Confer-ence on Engineering Complex Computer Systems (ICECCS’04). (2004) 231–238
[9] dInverno, M., Luck, M., Georgeff, M., Kinny, D., Wooldridge, M.: The dMARSarchitechure: A specification of the distributed multi-agent reasoning system. Au-tonomous Agents and Multi-Agent Systems 9 (2004) 5–53
[10] Rabinovich, Z., Rosenschein, J.S.: Dynamics based control: Structure. In: Work-shop on Multi-Agent Sequential Decision Making in Uncertain Domains, at The5th International Joint Conference on Autonomous Agents and Multiagent Sys-tems, Hakodate, Japan, May 2006. (2006) 148–161
[11] Luck, M., d’Inverno, M.: Formal methods and agent-based systems. In Rouff, C.,Truszkowski, M.H.J.R.J., Gordon-Spears, D., eds.: NASA Monographs in Systemsand Software Engineering. Springer (2006)
[12] Fisher, M., Wooldridge, M.: On the formal specification and verification of multi-agent systems. International Journal of Cooperating Information Systems 6 (1997)37–65
[13] Hilaire, V., Koukam, A., Gruer, P., J.P., J.M.: Formal specification and proto-typing of multi-agent systems. In: Engineering Societies in the Agents World(ESAW’00). Number 1972 in LNAI. (2000) 114–127
[14] Odell, J., Parunak, H.V.D., Bauer, B.: Extending UML for agents. In: Proceed-ings of the Agent-Oriented Information Systems Workshop at the 17th Nationalconference on Artificial Intelligence. (2000) 3–17
[15] Ferber, J., Gutknecht, O., Michel, F.: From agents to organizations: an organiza-tional view of multiagent systems. In: Agent-Oriented Software Engineering IV.Number 2935 in LNCS. Springer Verlag (2003) 214230
[16] Gutknecht, O., Ferber, J.: MadKit: a generic multi-agent platform. In: Proc. ofthe 4th International Conference on Autonomous Agents. (2000) 78–79
[17] Kefalas, P., Stamatopoulou, I., Gheorghe, M.: A formal modelling framework fordeveloping multi-agent systems with dynamic structure and behaviour. In: Multi-Agent Systems and Applications IV: Proc. of the 4th International Central andEastern European Conference on Multi-Agent Systems (CEEMAS’05). Volume3690 of Lecture Notes in Artificial Intelligence. Springer Verlag (2005) 122–131
[18] Stamatopoulou, I., Kefalas, P., Gheorghe, M.: Modelling the dynamic structureof biological state-based systems. BioSystems 87 (2007) 142–149
[19] Stamatopoulou, I., Kefalas, P., Gheorghe, M.: Specification of reconfigurable MAS:A hybrid formal approach. In: Advances in Artificial Intelligence: Proc. of the 4thHellenic Conference on AI. Volume 3955 of LNAI. Springer (2006) 592–595
[20] Stamatopoulou, I., Kefalas, P., Gheorghe, M.: OPERASCC : An instance of a for-mal framework for MAS modelling based on Population P Systems. In: Proceed-ings of the 8th Workshop on Membrane Computing (WMC’07). (2007) 551–566
[21] Eilenberg, S.: Automata, Languages and Machines. Academic Press (1974)[22] Kefalas, P., Eleftherakis, G., Kehris, E.: Communicating X-machines: A practi-
cal approach for formal and modular specification of large systems. Journal ofInformation and Software Technology 45 (2003) 269–280
[23] Eleftherakis, G.: Formal Verification of X-machine Models: Towards Formal De-velopment of Computer-based Systems. PhD thesis, Department of ComputerScience, University of Sheffield (2003)
[24] Holcombe, M., Ipate, F.: Correct Systems: Building a Business Process Solution.Springer-Verlag, London (1998)
[25] Bernandini, F., Gheorghe, M.: Population P Systems. Journal of Universal Com-puter Science 10 (2004) 509–539
[26] Kefalas, P., Eleftherakis, G., Holcombe, M., Stamatopoulou, I.: Formal modellingof the dynamic behaviour of biology-inspired agent-based systems. In Gheorghe,M., ed.: Molecular Computational Models: Unconventional Approaches. Idea Pub-lishing Inc. (2005) 243–276
[27] Rouff, C., Vanderbilt, A., Hinchey, M., Truszkowski, W., Rash, J.: Properties of aformal method for prediction of emergent behaviors in swarm-based systems. In:Proc. of the 2nd Intern. Conference on Software Engineering and Formal Methods.(2004) 24–33
[28] Kefalas, P., Stamatopoulou, I., Gheorghe, M.: Principles of transforming commu-nicating x-machines to population p systems. In: Proceedings of the Intern. Work-shop on Automata for Cellular and Molecular Computing (ACMC’07). (2007)
[29] Kapeti, E., Kefalas, P.: A design language and tool for X-machines specification. InFotiadis, D.I., Spyropoulos, S.D., eds.: Advances in Informatics. World ScientificPublishing Company (2000) 134–145
[30] Stamatopoulou, I., Kefalas, P., Eleftherakis, G., Gheorghe, M.: A modelling lan-guage and tool for Population P Systems. In: Proceedings of the 10th PanhellenicConference in Informatics (PCI’05), Volos, Greece, November 11-13 (2005)