An Unexpected Journey: Towards Runtime Verification of Multiagent Systems and Beyond

The Trace Expression formalism derives from works started in 2012 and is mainly used to specify and verify interaction protocols at runtime, but other applications have been devised. More specically, this thesis describes how to extend and apply such formalism in the engineering process of distributed articial intelligence systems (such as Multiagent systems). This thesis extends the state of the art through four dierent contributions: 1. Theoretical: the thesis extends the original formalism in order to represent also parametric and probabilistic specications (parametric trace expressions and probabilistic trace expressions respectively). 2. Algorithmic: the thesis proposes algorithms for verifying trace expressions at runtime in a decentralized way. The algorithms have been designed to be as general as possible, but their implementation and experimentation address scenarios where the modelled and observed events are communicative events (interactions) inside a multiagent system. 3. Application: the thesis analyzes the relations between runtime and static verication (e.g. model checking) proposing hybrid integrations in both directions. First of all, the thesis proposes a trace expression model checking approach where it shows how to statically verify LTL property on a trace expression specication. After that, the thesis presents a novel approach for supporting static verication through the addition of monitors at runtime (post-process). 4. Implementation: the thesis presents RIVERtools, a tool supporting the writing, the syntactic analysis and the decentralization of trace expressions

Failure Handling in BDI Plans via Runtime Enforcement

This project CONVINCE has received funding from the European Union’s Horizon research and innovation programme G.A. n. 101070227. This publication is funded by the European Union. Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union or European Commission (the granting authority). Neither the European Union nor the granting authority can be held responsible for themPublisher PD

Ain't No Stopping Us Monitoring Now

Not all properties are monitorable. This is a well-known fact, and it means there exist properties that cannot be fully verified at runtime. However, given a non-monitorable property, a monitor can still be synthesised, but it could end up in a state where no verdict will ever be concluded on the satisfaction (resp., violation) of the property. For this reason, non-monitorable properties are usually discarded. In this paper, we carry out an in-depth analysis on monitorability, and how non-monitorable properties can still be partially verified. We present our theoretical results at a semantic level, without focusing on a specific formalism. Then, we show how our theory can be applied to achieve partial runtime verification of Linear Temporal Logic (LTL)

Decentralizing MAS Monitoring with DecAMon

We describe DecAMon, an algorithm for decentralizing the monitoring of the MAS communicative behavior described via an Agent Interaction Protocol (AIP). If some agents in the MAS are grouped together and monitored by the same monitor, instead of individually, a partial decentralization of the monitoring activity can still be obtained even if the "unique point of choice" (a.k.a. local choice) and "connectedness for sequence" (a.k.a. causality) coherence conditions are not satisfied by the protocol. Given an AIP specification, DecAMon outputs a set of "Monitoring Safe Partitions" of the agents, namely partitions P which ensure that having one monitor in charge for each group of agents in P allows detection of all and only the protocol violations that a fully centralized monitor would detect. In order to specify AIPs we use "trace expressions": this formalism can express event traces that are not context-free and can model both synchronous and asynchronous communication just by changing the underlying notion of event

Agents interoperability via conformance modulo mapping

We present an algorithm for establishing a flexible conformance relation between two local agent interaction protocols (LAIPs) based on mappings involving agents and messages, respectively. Conformance is in fact computed "modulo mapping": two LAIPs \u3c4 and \u3c4 may involve different agents and use different syntax for messages, but may still be found to be conformant provided that a given map from entities appearing in \u3c4 to corresponding entities in \u3c4 is applied. LAIPs are modelled as trace expressions whose high expressive power allows for the design of protocols that could not be specified using finite state automata or equivalent formalisms. This expressive power makes the problem of stating if \u3c4 conforms to \u3c4 undecidable. We cope with this problem by over-approximating trace expressions that may lead to infinite computations, obtaining a sound but not complete implementation of the proposed conformance check

Parametric Protocol-Driven Agents and their Integration in JADE

Abstract. In this paper we introduce "Template Global Types" which extend Constrained Global Types to support a more generic and modular approach to define protocols, meant as patterns of events of a given type. Protocols can be used both for monitoring the behavior of distributed computational entities and for driving it. In this paper we show the potential of Template Global Types in the domain of protocol-driven intelligent software agents. The interpreter for "executing" Template Global Types has a very natural implementation in Prolog which can easily implement the transition rules for moving from one state to another one, given that an event has been perceived (in case of monitoring) or generated for execution (in case of protocol-driven behavior). This interpreter has been integrated into the Jason logic-based agent framework with limited effort, thanks to the native support that Jason offers to Prolog. In order to demonstrate the flexibility and portability of our approach, which goes beyond the boundaries of logic-based frameworks, in this paper we discuss the integration of the protocol-driven interpreter into the JADE agent framework, entirely implemented in Java

Scalable Verification of Strategy Logic through Three-valued Abstraction

The model checking problem for multi-agent systems against Strategy Logic specifications is known to be non-elementary. On this logic several fragments have been defined to tackle this issue but at the expense of expressiveness. In this paper, we propose a three-valued semantics for Strategy Logic upon which we define an abstraction method. We show that the latter semantics is an approximation of the classic two-valued one for Strategy Logic. Furthermore, we extend MCMAS, an open-source model checker for multi-agent specifications, to incorporate our abstraction method and present some promising experimental results