Model-Driven Methods to Design of Reliable Multiagent Cyber-Physical Systems

Transcript

1. Model-Driven Methods to Design of Reliable
   Multiagent Cyber-Physical Systems
   Authors: Sergey Staroletov, Nikolay Shilov, Vladimir Zyubin, Tatiana Liakh, Ivan Konyukhov, Innokenty Shilov, Thomas Baar, Horst Schulte
   Date: March 22, 2019
   

   View Slide

2. Norbert Wiener legacy
   https://en.wikipedia.org/w/ind
   ex.php?curid=49172308
   Norbert Wiener (26.11.1894 –18.03.1964) an American
   mathematician and philosopher.
   He is considered the originator of cybernetics, a formalization of the notion
   of feedback, with implications for engineering, systems control, computer
   science, biology, neuroscience, philosophy, and the organization of
   society.
   2
   

   View Slide

3. Norbert Wiener legacy
   https://persons-
   journal.com/userfiles/ima
   ges/2016/89/viner.jpg
   During WW-II, his work on the automatic aiming and
   firing of anti-aircraft guns caused Wiener to investigate
   information theory (independently of Claude Shannon)
   and eventually led him to formulate cybernetics.
   3
   

   View Slide

4. Multiagent research paradigm
   • Multiagent paradigm is a common name for several related research and
   development approaches in Computer Science, in Artificial Intelligence,
   Information Systems, etc.
   • A distributed system consists of multiple autonomous “computers”
   (programs with distributed memory) that communicate through a network.
   • A multiagent system is a distributed system that consists of agents. An
   agent is an autonomous reactive and proactive object (in OO-sense) whose
   internal states could be characterized in terms of Beliefs (B), Desires (D),
   and Intentions (I).
   4
   

   View Slide

5. Multiagent research paradigm
   5
   • Agent's beliefs represent its ideas/opinion about itself, other agents and the
   network; this ideas/opinions may be incorrect, incomplete, and (even)
   inconsistent.
   • Agent's desires represent its long-term aims, obligations and purposes (that
   may be controversial). Agent's intensions are used for a short-term
   planning.
   • Reactivity means that an agent can change its beliefs, after communication
   and interaction with other agents. Proactivity means that every agent can
   change its intentions after change of its beliefs.
   

   View Slide

6. Multiagent research paradigm
   6
   • A rational agent has clear preferences and always chooses an action (in
   feasible actions) that leads to the best personal outcome.
   • A bounded rationality is decision making limited by the cognitive abilities of
   agents (e.g. the finite amount of time they have to make decisions).
   • We distinguish belief and knowledge according to the Plato thesis. Thus
   our approach to knowledge and belief is not very formal like in Logic of
   Knowledge (i.e. Epistemic Logic) but we believe (but do not know it) that it
   may be formalized in the terms of the Epistemic Logic.
   

   View Slide

7. Multiagent research paradigm
   7
   • Communication (in a multiagent system) is said to be fair, if every agent
   which would like to communicate with any other will communicate
   eventually. (Of course, some communication scheduler or “mechanism” is
   required to guaranty the fairness.)
   

   View Slide

8. Robots and Station Puzzle
   8
   • There are several autonomous robots on Mars.
   Each robot can see all other robots but can’t
   see itself. Some of the robots have external
   visible damages, while other are safe.
   

   View Slide

9. Robots and Station Puzzle
   9
   • There is also an orbital station that is a client while
   all robots are its servers. The station would like
   damaged robots to report that they are damaged
   and safe robots to refrain from reporting.
   • Suggest a protocol that solves the problem.
   

   View Slide

10. Mars Robot Puzzle (MRP)
    10
    • There are > 1 autonomous agents (“robots”) and (the same) number of
    shelters on a plane part of Mars. Locations of all shelters are fixed and
    known to all robots. Every robot could communicate with any other robot in
    P2P manner. Every robot knows its own position, but is not aware about
    positions of other robots.
    • At some moment all robots fix their current positions, and must select
    individual shelters to move at by a straight route. Assume that there are no
    any obstacle (like rocks, holes, robots and shelters, etc.) between any robot
    and any shelter. Definitely, robots should not collide (it means that their
    routes should not intersect) so a robot can move to its shelter only when it
    knows that it will not collide with any other robot on the route.
    

    View Slide

11. Mars Robot Puzzle (MRP)
    11
    • Problem: Design a multiagent algorithm that
    guarantees that every robot will eventually know
    that its route to the selected shelter does not
    intersect with routes of other robots (and hence
    robots will not collide in a motion).
    

    View Slide

12. Related problem
    12
    • MRP is related to the following plane geometry
    problem: There are > 0 black and > 0 white
    points on the plane without collinear triples; proof
    that it is possible to couple black and white pairwise
    by segments without intersections.
    

    View Slide

13. To predict on the move: Euler method for FO IVP
    13
    • Input: Initial value problem ′ = (, ), ∈ [, ], = .
    • Euler method:
    o pick-up ≥ 1, ∈ , such that step ℎ = −
    
    is sufficient for desired
    accuracy and let 0
    = , 0
    = = ;
    o if (0 ≤ < ) is defined already then
    ▪ let +1
    =
    + ℎ,
    ▪
    = ℎ ∙
    , ,
    ▪ and +1
    =
    + .
    • Output: (a) A tabular function
    ,
    |=0
    = approximating solution of the
    problem, and (b) a real value approximating .
    

    View Slide

14. Euler algorithm (in precise arithmetic)
    14
    ≔ 0 ; = ; =
    2
    <
    3
    +
    = ℎ ∙ , ; = + ;
    = + ℎ ; ≔ + 1
    −
    1
    

    View Slide

15. Euler algorithm: specification
    15
    • Precondition is conjunction of the following 3 clauses:
    • is a positive integer, < are real numbers, and ℎ = −
    
    ;
    • function : 2[, ] is a solution of IVP ′ = (, ), ∈ [, ], =
    and |′′ | ≤ for all ∈ [, ];
    • | , + − , | ≤ || for all ∈ [, ], ∈ [, ], ∈ (for which
    , + is defined).
    • Postcondition: = and | − | ≤ (−)−1
    2
    ℎ.
    • Hoare triple (total correctness assertion):[Precondition] Euler [Postcondition].
    

    View Slide

16. Euler algorithm verification: invariant
    16
    • Invariant is the conjunction of the following 3 clauses:
    o precondition;
    o 0 ≤ ≤ , = + ℎ;
    o | − | ≤
    2
    σ=0
    =−1(1 + ℎ) ℎ2.
    

    View Slide

17. Euler algorithm verification: path (2+2)
    17
    precondition;
    0 ≤ ≤ , = + ℎ;
    − ≤
    2
    σ=0
    =−1 1 + ℎ ℎ2
    < ? ; = ℎ ∙ , ; = + ; = + ℎ ; ≔ + 1
    precondition;
    0 ≤ ≤ , = + ℎ;
    − ≤
    2
    σ=0
    =−1 1 + ℎ ℎ2
    

    View Slide

18. 18
    A problem for further study:
    Formal verification of the Euler method
    when the coefficients are interval
    values…
    

    View Slide

19. 19
    Questions?
    

    View Slide

20. 20
    Answers?
    

    View Slide

21. 21
    Thank you!
    

    View Slide