Model Checking Logics of Social Commitments for Agent Communication

This thesis is about specifying and verifying communications among autonomous and possibly heterogeneous agents, which are the key principle for constructing effective open multi-agent systems (MASs). Effective systems are those that successfully achieve applicability, feasibility, error-freeness and balance between expressiveness and verification efficiency aspects. Over the last two decades, the MAS community has advocated social commitments, which successfully provide a powerful representation for modeling communications in the figure of business contracts from one agent to another. While modeling communications using commitments provides a fundamental basis for capturing flexible communications and helps address the challenge of ensuring compliance with specifications, the designers and business process modelers of the system as a whole cannot guarantee that an agent complies with its commitments as supposed to or at least not wantonly violate or cancel them. They may still wish to first formulate the notion of commitment-based protocols that regulate communications among agents and then establish formal verification (e.g., model checking) by which compliance verification in those protocols is possible. In this thesis, we address the aforementioned challenges by firstly developing a new branching-time temporal logic---called ACTL*c---that extends CTL* with modal operators for representing and reasoning about commitments and all associated actions. The proposed semantics for ACL (agent communication language) messages in terms of commitments and their actions is formal, declarative, meaningful, verifiable and semi-computationally grounded. We use ACTL*c to derive a new specification language of commitment-based protocols, which is expressive and suitable for model checking. We introduce a reduction method to formally transform the problem of model checking ACTL*c to the problem of model checking GCTL* so that the use of the CWB-NC model checker is possible. We prove the soundness of our reduction method and implement it on top of CWB-NC. To check the effectiveness of our reduction method, we report the verification results of the NetBill protocol and Contract Net protocol against some properties. In addition to the reduction method, we develop a new symbolic algorithm to perform model checking ACTL*c. To balance between expressiveness and verification efficiency, we secondly adopt a refined fragment of ACTL*c, called CTLC, an extension of CTL with modalities for commitments and their fulfillment. We extend the formalism of interpreted systems introduced to develop MASs with shared and unshared variables and considered agents' local states in the definition of a full-computationally grounded semantics for ACL messages using commitments. We present reasonable axioms of commitment and fulfillment modalities. In our verification technique, the problem of model checking CTLC is reduced into the problems of model checking ARCTL and GCTL* so that respectively extended NuSMV and CWB-NC (as a benchmark) are usable. We prove the soundness of our reduction methods and then implement them on top of the extended NuSMV and CWB-NC model checkers. To evaluate the effectiveness of our reduction methods, we verified the correctness of two business case studies. We finally proceed to develop a new symbolic model checking algorithm to directly verify commitments and their fulfillment and commitment-based protocols. We analyze the time complexity of CTLC model checking for explicit models and its space complexity for concurrent programs that provide compact representations. We prove that although CTLC extends CTL, their model checking algorithms still have the same time complexity for explicit models, and the same space complexity for concurrent programs. We fully implement the proposed algorithm on top of MCMAS, a model checker for the verification of MASs, and then check its efficiency and scalability using an industrial case study

MCMAS: an open-source model checker for the verification of multi-agent systems

We present MCMAS, a model checker for the verification of multi-agent systems. MCMAS supports efficient symbolic techniques for the verification of multi-agent systems against specifications representing temporal, epistemic and strategic properties. We present the underlying semantics of the specification language supported and the algorithms implemented in MCMAS, including its fairness and counterexample generation features. We provide a detailed description of the implementation. We illustrate its use by discussing a number of examples and evaluate its performance by comparing it against other model checkers for multi-agent systems on a common case study

Practical Abstraction for Model Checking of Multi-Agent Systems

Model checking of multi-agent systems (MAS) is known to be hard, both theoretically and in practice. A smart abstraction of the state space may significantly reduce the model, and facilitate the verification. In this paper, we propose and study an intuitive agent-based abstraction scheme, based on the removal of variables in the representation of a MAS. This allows to do the reduction without generating the global model of the system. Moreover, the process is easy to understand and control even for domain experts with little knowledge of computer science. We formally prove the correctness of the approach, and evaluate the gains experimentally on models of a postal voting procedure

10031 Abstracts Collection -- Quantitative Models: Expressiveness and Analysis

From Jan 18 to Jan 22, 2010, the Dagstuhl Seminar 10031 ``Quantitative Models: Expressiveness and Analysis \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

MCMAS: an open-source model checker for the verification of multi-agent systems

We present MCMAS, a model checker for the verification of multi-agent systems. MCMAS supports efficient symbolic techniques for the verification of multi-agent systems against specifications representing temporal, epistemic and strategic properties. We present the underlying semantics of the specification language supported and the algorithms implemented in MCMAS, including its fairness and counterexample generation features. We provide a detailed description of the implementation. We illustrate its use by discussing a number of examples and evaluate its performance by comparing it against other model checkers for multi-agent systems on a common case study

Model checking concurrent and real-time systems : the PAT approach

Ph.DDOCTOR OF PHILOSOPH

Formal Design and Verification of Digital PID Gain Scheduling Controllers

The verification process of embedded systems is fundamental for their correct development. Embedded control is a popular choice among the engineering community, making the relationship between control systems and computer science very close. Gain scheduling is a typical approach for safety-critical systems (e.g. jet-engines). It is preferred due to a known route to certification. Nonetheless, stability and performance are hard to prove analytically. Consequently, safety and airworthiness are achieved by extensive testing, and therefore a new way for verification is desirable. Model checking, an exhaustive verification technique, is a part of formal methods. Model checking can aid in detecting ambiguities and collisions in requirements, increasing and improving testing coverage and error detection rate. However, there are still limitations and challenges to model checking. The state-space explosion problem limits its use to realistic dynamic control systems: Computational memory runs out or available data types are not appropriate for modelling. This thesis addresses the formal design and verification of discrete PID gain-scheduled control systems. By the means of a novel abstraction methodology the control problem is resolved in a model checking environment; formally tuning the controller whilst systematically constructing a control schedule. The work in this overcomes typical constraints imposed by model checking. In this manner, the gain-scheduled controller can be efficiently generated and the resulting schedule is correct-by-construction with respect to high level performance requirements. This novel methodology incorporates computer science and control systems tools, proposing an a priori verification approach in contrast to current a posteriori testing activities. By combining computer science and control engineering, the gap between formal methods and control systems is reduced. The next step in this line of research is to analyse the scalability of the approach using more realistic models and design cases; in this manner the state-space explosion problem can be addressed with a divide and conquer approach. Also, a trade-off analysis between benefits and the required effort learning the new approach in a real development cycle must be conducted to assess feasibility and capabilities of the approach

Engineering Trustworthy Self-Adaptive Software with Dynamic Assurance Cases

Building on concepts drawn from control theory, self-adaptive software handles environmental and internal uncertainties by dynamically adjusting its architecture and parameters in response to events such as workload changes and component failures. Self-adaptive software is increasingly expected to meet strict functional and non-functional requirements in applications from areas as diverse as manufacturing, healthcare and finance. To address this need, we introduce a methodology for the systematic ENgineering of TRUstworthy Self-adaptive sofTware (ENTRUST). ENTRUST uses a combination of (1) design-time and runtime modelling and verification, and (2) industry-adopted assurance processes to develop trustworthy self-adaptive software and assurance cases arguing the suitability of the software for its intended application. To evaluate the effectiveness of our methodology, we present a tool-supported instance of ENTRUST and its use to develop proof-of-concept self-adaptive software for embedded and service-based systems from the oceanic monitoring and e-finance domains, respectively. The experimental results show that ENTRUST can be used to engineer self-adaptive software systems in different application domains and to generate dynamic assurance cases for these systems