Model-Driven Methods to Design of Reliable Multiagent Cyber-Physical Systems

Transcript

1. Model-Driven Methods to Design of Reliable Multiagent Cyber-Physical Systems Authors:

   Sergey Staroletov, Nikolay Shilov, Vladimir Zyubin, Tatiana Liakh, Ivan Konyukhov, Innokenty Shilov, Thomas Baar, Horst Schulte Date: March 22, 2019

2. Norbert Wiener legacy https://en.wikipedia.org/w/ind ex.php?curid=49172308 Norbert Wiener (26.11.1894 –18.03.1964) an

   American mathematician and philosopher. He is considered the originator of cybernetics, a formalization of the notion of feedback, with implications for engineering, systems control, computer science, biology, neuroscience, philosophy, and the organization of society. 2

3. Norbert Wiener legacy https://persons- journal.com/userfiles/ima ges/2016/89/viner.jpg During WW-II, his work

   on the automatic aiming and firing of anti-aircraft guns caused Wiener to investigate information theory (independently of Claude Shannon) and eventually led him to formulate cybernetics. 3

4. Multiagent research paradigm • Multiagent paradigm is a common name

   for several related research and development approaches in Computer Science, in Artificial Intelligence, Information Systems, etc. • A distributed system consists of multiple autonomous “computers” (programs with distributed memory) that communicate through a network. • A multiagent system is a distributed system that consists of agents. An agent is an autonomous reactive and proactive object (in OO-sense) whose internal states could be characterized in terms of Beliefs (B), Desires (D), and Intentions (I). 4

5. Multiagent research paradigm 5 • Agent's beliefs represent its ideas/opinion

   about itself, other agents and the network; this ideas/opinions may be incorrect, incomplete, and (even) inconsistent. • Agent's desires represent its long-term aims, obligations and purposes (that may be controversial). Agent's intensions are used for a short-term planning. • Reactivity means that an agent can change its beliefs, after communication and interaction with other agents. Proactivity means that every agent can change its intentions after change of its beliefs.

6. Multiagent research paradigm 6 • A rational agent has clear

   preferences and always chooses an action (in feasible actions) that leads to the best personal outcome. • A bounded rationality is decision making limited by the cognitive abilities of agents (e.g. the finite amount of time they have to make decisions). • We distinguish belief and knowledge according to the Plato thesis. Thus our approach to knowledge and belief is not very formal like in Logic of Knowledge (i.e. Epistemic Logic) but we believe (but do not know it) that it may be formalized in the terms of the Epistemic Logic.

7. Multiagent research paradigm 7 • Communication (in a multiagent system)

   is said to be fair, if every agent which would like to communicate with any other will communicate eventually. (Of course, some communication scheduler or “mechanism” is required to guaranty the fairness.)

8. Robots and Station Puzzle 8 • There are several autonomous

   robots on Mars. Each robot can see all other robots but can’t see itself. Some of the robots have external visible damages, while other are safe.

9. Robots and Station Puzzle 9 • There is also an

   orbital station that is a client while all robots are its servers. The station would like damaged robots to report that they are damaged and safe robots to refrain from reporting. • Suggest a protocol that solves the problem.

10. Mars Robot Puzzle (MRP) 10 • There are > 1

    autonomous agents (“robots”) and (the same) number of shelters on a plane part of Mars. Locations of all shelters are fixed and known to all robots. Every robot could communicate with any other robot in P2P manner. Every robot knows its own position, but is not aware about positions of other robots. • At some moment all robots fix their current positions, and must select individual shelters to move at by a straight route. Assume that there are no any obstacle (like rocks, holes, robots and shelters, etc.) between any robot and any shelter. Definitely, robots should not collide (it means that their routes should not intersect) so a robot can move to its shelter only when it knows that it will not collide with any other robot on the route.

11. Mars Robot Puzzle (MRP) 11 • Problem: Design a multiagent

    algorithm that guarantees that every robot will eventually know that its route to the selected shelter does not intersect with routes of other robots (and hence robots will not collide in a motion).

12. Related problem 12 • MRP is related to the following

    plane geometry problem: There are > 0 black and > 0 white points on the plane without collinear triples; proof that it is possible to couple black and white pairwise by segments without intersections.

13. To predict on the move: Euler method for FO IVP

    13 • Input: Initial value problem ′ = (, ), ∈ [, ], = . • Euler method: o pick-up ≥ 1, ∈ , such that step ℎ = − is sufficient for desired accuracy and let 0 = , 0 = = ; o if (0 ≤ < ) is defined already then ▪ let +1 = + ℎ, ▪ = ℎ ∙ , , ▪ and +1 = + . • Output: (a) A tabular function , |=0 = approximating solution of the problem, and (b) a real value approximating .

14. Euler algorithm (in precise arithmetic) 14 ≔ 0 ; =

    ; = 2 < 3 + = ℎ ∙ , ; = + ; = + ℎ ; ≔ + 1 − 1

15. Euler algorithm: specification 15 • Precondition is conjunction of the

    following 3 clauses: • is a positive integer, < are real numbers, and ℎ = − ; • function : 2[, ] is a solution of IVP ′ = (, ), ∈ [, ], = and |′′ | ≤ for all ∈ [, ]; • | , + − , | ≤ || for all ∈ [, ], ∈ [, ], ∈ (for which , + is defined). • Postcondition: = and | − | ≤ (−)−1 2 ℎ. • Hoare triple (total correctness assertion):[Precondition] Euler [Postcondition].

16. Euler algorithm verification: invariant 16 • Invariant is the conjunction

    of the following 3 clauses: o precondition; o 0 ≤ ≤ , = + ℎ; o | − | ≤ 2 σ=0 =−1(1 + ℎ) ℎ2.

17. Euler algorithm verification: path (2+2) 17 precondition; 0 ≤ ≤

    , = + ℎ; − ≤ 2 σ=0 =−1 1 + ℎ ℎ2 < ? ; = ℎ ∙ , ; = + ; = + ℎ ; ≔ + 1 precondition; 0 ≤ ≤ , = + ℎ; − ≤ 2 σ=0 =−1 1 + ℎ ℎ2

18. 18 A problem for further study: Formal verification of the

    Euler method when the coefficients are interval values…

19. 19 Questions?

20. 20 Answers?

21. 21 Thank you!