T4 Introduction to the modelling and verification of, and reasoning about multi-agent systems


14th European Agent Systems Summer School


  1. Slide 1: Modelling, Verification and Reasoning in Multi-Agent Systems
     Nils Bulling and Jürgen Dix
     EASSS 2012, Valencia, Spain, 28. May – 1. June 2012

     Slide 2: Time and course type
     Time
       Duration: Three times 105 minutes
       Dates: Thursday, 9:30-11:15, 15-16:45 and Friday 15-16:45
     Course type
       Level: advanced
       Prerequisites: knowledge of propositional/predicate logic, basics of automata and complexity theory, some universal algebra.
     Course website: http://www.in.tu-clausthal.de/index.php?id=easss2012

     Slide 3: Course Overview
     The course is divided into 6 lectures of 50 minutes each:
       Lec. 1: Linear and Branching Time (D, 60 min). SL, FOL, temporal logics: LTL, CTL∗, CTL
       Lec. 2: Cooperative Agents (D, 40 min). Strategic logics: ATL, ATL∗, effect of memory
       Lec. 3: Comparing Semantics of ATL (B, 50 min). Semantic variants of ATL, tree unfolding
       Lec. 4: Reasoning and Examples (D, 50 min). Basic Modal Logic, axiomatizations of LTL, CTL, ATL viewed as modal logics
       Lec. 5: Complexity of Verification: Model Checking (B, 60 min). Model checking problem and complexity
       Lec. 6: Complexity of Reasoning: Satisfiability (B, 40 min). Satisfiability checking problem and complexity

     Slide 4: Reading Material I
       Alur, R., Henzinger, T. A., and Kupferman, O. (2002). Alternating-time Temporal Logic. Journal of the ACM, 49:672–713.
       Baier, C. and Katoen, J.-P. (2008). Principles of Model Checking. The MIT Press.
       Blackburn, P., de Rijke, M., and Venema, Y. (2001). Modal Logic. Number 53 in Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, Cambridge, UK.
  2. Slides 5-6: Reading Material II and III
       Bulling, N., Dix, J., and Jamroga, W. (2010). Model checking logics of strategic ability: Complexity. In Dastani, M., Hindriks, K. V., and Meyer, J.-J. C., editors, Specification and Verification of Multi-Agent Systems. Springer.
       Clarke, E., Grumberg, O., and Peled, D. (1999). Model Checking. MIT Press.
       Jürgen Dix and Michael Fisher (2012). Chapter 14: Specification and Verification of Multi-agent Systems. In G. Weiss (Ed.), Multiagent Systems, MIT Press.
       Jamroga, W. and Bulling, N. (2011). Comparing variants of strategic ability. In Proceedings of the 22nd International Joint Conference on Artificial Intelligence (IJCAI), pages 252–257, Barcelona, Spain.

     Slide 7: Outline
       1 Linear and Branching Time
       2 Cooperative Agents
       3 Comparing Semantics of ATL
       4 Reasoning and Examples
       5 Complexity of Verification: Model Checking
       6 Complexity of Reasoning: Satisfiability
       7 Appendix: Automata Theory
       8 References

     Slide 8: 1. Linear and Branching Time
       Sentential Logic
       First-Order Logic
       Linear Time Logic
       Branching Time Logic
  3. Slide 9: Outline
     We recapitulate very briefly sentential (also called propositional) logic (SL) and first-order logic (FOL).
     As an example of FOL, we consider FO(≤), monadic FOL of linear order.
     Then we present LTL, a logic to deal with linear time (no branching). This logic is equivalent to FO(≤).
     CTL∗ is an extension of LTL to branching time.
     CTL is an interesting fragment of CTL∗, incomparable with LTL, but with interesting computational properties.
     While LTL is defined over path formulae, CTL is defined over state formulae. CTL∗ is defined over both sorts of formulae.

     Slide 10: 1.1 Sentential Logic

     Slide 11: Syntax of SL
     The propositional language is built upon
       Propositional symbols: p, q, r, ..., p1, p2, p3, ...
       Logical connectives: ¬ and ∨
       Grouping symbols: (, )
     Often we consider only a finite, nonempty set of propositional symbols and refer to it as Prop.
     Propositional language L_PL(Prop):
       ϕ ::= p | ¬ϕ | ϕ ∨ ϕ
     Macros:
       ϕ ∧ ψ := ¬(¬ϕ ∨ ¬ψ)
       ϕ → ψ := ¬ϕ ∨ ψ
       ϕ ↔ ψ := (ϕ → ψ) ∧ (ψ → ϕ)
       ⊤ := p ∨ ¬p
       ⊥ := ¬⊤

     Slide 12: Semantics (SL)
     A valuation (or truth assignment) v : Prop → {t, f} for a language L_PL(Prop) is a mapping from the set of propositional constants defined by Prop into the set {t, f}.
     Inductively, we define the notion of a formula ϕ being true or satisfied by v (denoted by v |= ϕ):
       v |= p iff v(p) = t and p ∈ Prop,
       v |= ¬ϕ iff not v |= ϕ,
       v |= ϕ ∨ ψ iff v |= ϕ or v |= ψ
     For a set Σ ⊆ L_PL we write v |= Σ iff v |= ϕ for all ϕ ∈ Σ.
     We use v ⊭ ϕ instead of not v |= ϕ.
  4. Slide 13: Truth Tables
     Truth tables are a conceptually simple way of working with PL (invented by Wittgenstein in 1918).

       p  q  ¬p  p∨q  p∧q  p→q  p↔q
       t  t  f   t    t    t    t
       f  t  t   t    f    t    f
       t  f  f   t    f    f    f
       f  f  t   f    f    t    t

     Slide 14: Fundamental Semantical Concepts
     If it is possible to find some valuation v that makes ϕ true, then we say ϕ is satisfiable.
     If v |= ϕ for all valuations v then we say that ϕ is valid and write |= ϕ. ϕ is also called tautology.
     A theory is a set of formulae: Φ ⊆ L_PL.
     A theory Φ is called consistent if there is a valuation v with v |= Φ.
     A theory Φ is called complete if for each formula ϕ in the language, ϕ ∈ Φ or ¬ϕ ∈ Φ.
     Two simple examples: Consider the two formulae p ∧ ¬b and a ∨ ¬a. Are they satisfiable or valid? Are they both consistent? What if we add b?

     Slide 15: Consequences
     Given a theory Φ we are interested in the following question: Which facts can be derived from Φ?
     We can distinguish two approaches:
       1 semantical consequences, and
       2 syntactical inference.
     Let Φ be a theory and ϕ be a formula. We say that ϕ is a semantical consequence of Φ if for all valuations v: v |= Φ implies v |= ϕ.

     Slide 16: 1.2 First-Order Logic
  5. Slide 17: Predicate logic
     In addition to the propositional language (on which the modal language is built as well), the first-order language (FOL) contains variables, function-, and predicate symbols.
     Definition 1.1 (Variable)
     A variable is a symbol of the set Var. Typically, we denote variables by x0, x1, ....
     Example 1.2
       ϕ := ∃x0 ∀x1 (P_0^2(f_0^1(x0), x1) ∧ P_2^1(f_1^0))

     Slide 18: Functions
     Definition 1.3 (Function Symbols)
     Let k ∈ N0. The set of k-ary function symbols is denoted by Func^k. Elements of Func^k are given by f_1^k, f_2^k, .... Such a symbol takes k arguments. The set of all function symbols is defined as
       Func := ⋃_k Func^k
     A 0-ary function symbol is called constant.

     Slide 19: Predicates
     Definition 1.4 (Predicate Symbols)
     Let k ∈ N0. The set of k-ary predicate symbols (or relation symbols) is given by Pred^k. Elements of Pred^k are denoted by P_1^k, P_2^k, .... Such a symbol takes k arguments. The set of predicate symbols is defined as
       Pred := ⋃_k Pred^k
     A 0-ary predicate symbol is called (atomic) proposition.

     Slide 20: Syntax
     The first-order language with equality L_FOL is built from terms and formulae.
     In the following we fix a set of variables, function-, and predicate symbols.
     Definition 1.5 (Term)
     A term over Func and Var is inductively defined as follows:
       1 Each variable from Var is a term.
       2 If t1, ..., tk are terms then f^k(t1, ..., tk) is a term as well, where f^k is a k-ary function symbol from Func^k.
  6. Slide 21: Definition 1.6 (Language)
     The first-order language with equality L_FOL(Var, Func, Pred) is defined by the following grammar:
       ϕ ::= P^k(t1, ..., tk) | ¬ϕ | ϕ ∨ ϕ | ∃x(ϕ) | t = r
     where P^k ∈ Pred^k is a k-ary predicate symbol and t1, ..., tk and t, r are terms over Var and Func.

     Slide 22: Definition 1.7 (Macros)
     We define the following syntactic constructs as macros (P ∈ Pred^0):
       ⊥ := P ∧ ¬P
       ⊤ := ¬⊥
       ϕ ∧ ψ := ¬(¬ϕ ∨ ¬ψ)
       ϕ → ψ := ¬ϕ ∨ ψ
       ϕ ↔ ψ := (ϕ → ψ) ∧ (ψ → ϕ)
       ∀x(ϕ) := ¬∃x(¬ϕ)

     Slide 23: Notation
     We will often leave out the index k in f_i^k and P_i^k indicating the arity and just write f_i and P_i.
     Variables are also denoted by u, v, w, ...
     Function symbols are also denoted by f, g, h, ...
     Constants are also denoted by a, b, c, ..., c0, c1, ...
     Predicate symbols are also denoted by P, Q, R, ...
     We will use our standard notation p for 0-ary predicate symbols and also call them (atomic) propositions.
     Attention: In this course, we only need unary predicates (monadic logic) and we do not need any function symbols at all. So our terms are exactly the variables.

     Slide 24: Semantics
     Definition 1.8 (Model, Structure)
     A model or structure for FOL over Var, Func and Pred is given by M = (U, I) where
       1 U is a non-empty set of elements, called universe or domain and
       2 I is called interpretation. It assigns to each function symbol f^k ∈ Func^k a function I(f^k) : U^k → U, to each predicate symbol P^k ∈ Pred^k a relation I(P^k) ⊆ U^k; and to each variable x ∈ Var an element I(x) ∈ U.
     We write:
       1 M(P^k) for I(P^k),
       2 M(f^k) for I(f^k), and
       3 M(x) for I(x).
  7. Slide 25
     Note that a structure comes with an interpretation I, which is based on functions and predicate symbols and assignments of the variables. But these are also defined in the notion of a language. Thus we assume from now on that the structures are compatible with the underlying language: The arities of the functions and predicates must correspond to the associated symbols.
     Example 1.9
       ϕ := Q(x) ∨ ∀z(P(x, g(z))) ∨ ∃x(∀y(P(f(x), y) ∧ Q(a)))
       U = R
       I(a) : {∅} → R, ∅ ↦ π (constant functions),
       I(f) = sin : R → R and I(g) = cos : R → R,
       I(P) = {(r, s) ∈ R^2 : r ≤ s} and I(Q) = [3, ∞) ⊆ R,
       I(x) = π/2, I(y) = 1 and I(z) = 3.

     Slide 26: Definition 1.10 (Value of a Term)
     Let t be a term and M = (U, I) be a model. We define inductively the value of t wrt M, written as M(t), as follows:
       M(x) := I(x) for a variable t = x,
       M(t) := I(f^k)(M(t1), ..., M(tk)) if t = f^k(t1, ..., tk).

     Slide 27: Definition 1.11 (Semantics)
     Let M = (U, I) be a model and ϕ ∈ L_FOL. ϕ is said to be true in M, written as M |= ϕ, if the following holds:
       M |= P^k(t1, ..., tk) iff (M(t1), ..., M(tk)) ∈ M(P^k)
       M |= ¬ϕ iff not M |= ϕ
       M |= ϕ ∨ ψ iff M |= ϕ or M |= ψ
       M |= ∃x(ϕ) iff M[x/a] |= ϕ for some a ∈ U, where M[x/a] denotes the model equal to M but M[x/a](x) = a.
       M |= t = r iff M(t) = M(r)
     Given a set Σ ⊆ L_FOL we write M |= Σ iff M |= ϕ for all ϕ ∈ Σ.

     Slide 28: Example: FO(≤)
     Monadic first-order logic of order, denoted by FO(≤), is first-order logic with the only binary symbol ≤ (except equality, which is also allowed) and, additionally, any number of unary predicates. The theory assumes that ≤ is a linear order, but nothing else.
     A typical model is given by
       N = (N, ≤^N, P_1^N, P_2^N, ..., P_n^N)
     where ≤^N is the usual ordering on the natural numbers and P_i^N ⊆ N.
     The sets P_i^N determine the timepoints where the property P_i holds.
  8. Slide 29: What can we express in FO(≤)?
     Can we find formulae that express that a property
       r is true infinitely often?
       r is true at all even timepoints and ¬r at all odd timepoints?
       whenever r is true, then s is true in the next timepoint?

     Slide 30: 1.3 Linear Time Logic

     Slides 31-32: Reasoning about Time
     Temporal logic was originally developed in order to represent tense in natural language.
     Within Computer Science, it has achieved a significant role in the formal specification and verification of concurrent and distributed systems.
     Much of this popularity has been achieved because a number of useful concepts can be formally, and concisely, specified using temporal logics, e.g.
       safety properties
       liveness properties
       fairness properties

     The accessibility relation represents time.
     Time: linear vs. branching.
     Reasoning about a particular computation of a system.
     Models: paths (e.g. obtained from Kripke structures)
     [Figure: paths, each with a marked start state]
  9. Slide 33: Typical temporal operators
       Xϕ      ϕ is true in the neXt moment in time
       Gϕ      ϕ is true Globally: in all future moments
       Fϕ      ϕ is true in Finally: eventually (in the future)
       ϕ U ψ   ϕ is true Until at least the moment when ψ becomes true (and this eventually happens)
     Examples:
       G((¬passport ∨ ¬ticket) → X ¬board_flight)
       send(msg, rcvr) → F receive(msg, rcvr)

     Slide 34: Safety Properties
     “something bad will not happen”
     “something good will always hold”
     Typical examples:
       G ¬bankrupt
       G fuelOK
       and so on ...
     Usually: G¬....

     Slide 35: Liveness Properties
     “something good will happen”
     Typical examples:
       F rich
       power_on → F online
       and so on ...
     Usually: F....

     Slide 36: Fairness Properties
     Combinations of safety and liveness possible:
       FG ¬dead
       G(request_taxi → F arrive_taxi) (fairness)
     Strong fairness
     “If something is requested then it will be allocated”:
       G(attempt → F success),
       GF attempt → GF success.
     Scheduling processes, responding to messages, etc.
     No process is blocked forever, etc.
  10. Slide 37: Definition 1.12 (Language L_LTL [Pnueli, 1977])
     The language L_LTL(Prop) is given by all formulae generated by the following grammar, where p ∈ Prop is a proposition:
       ϕ ::= p | ¬ϕ | ϕ ∨ ϕ | ϕ U ϕ | Xϕ.
     The additional operators F (eventually in the future) and G (always from now on) can be defined as macros:
       Fϕ ≡ ⊤ U ϕ and Gϕ ≡ ¬F¬ϕ
     The standard Boolean connectives ⊤, ⊥, ∧, →, and ↔ are defined in their usual way as macros.

     Slide 38: Models of LTL
     The semantics is given over paths, which are infinite sequences of states from Q, and a standard labelling function π : Q → P(Prop) that determines which propositions are true at which states.
     Definition 1.13 (Path λ = q1 q2 q3 ...)
     A path λ over a set of states Q is an infinite sequence from Q^ω. We also identify it with a mapping N0 → Q.
       λ[i] denotes the ith position on path λ (starting from i = 0) and
       λ[i, ∞] denotes the subpath of λ starting from i (λ[i, ∞] = λ[i]λ[i + 1] ...).

     Slide 39: Definition 1.14 (Semantics of LTL)
     Let λ be a path and π be a labelling function over Q. The semantics of LTL, |=LTL, is defined as follows:
       λ, π |=LTL p iff p ∈ π(λ[0]) and p ∈ Prop;
       λ, π |=LTL ¬ϕ iff not λ, π |=LTL ϕ (we will also write λ, π ⊭LTL ϕ);
       λ, π |=LTL ϕ ∨ ψ iff λ, π |=LTL ϕ or λ, π |=LTL ψ;
       λ, π |=LTL Xϕ iff λ[1, ∞], π |=LTL ϕ; and
       λ, π |=LTL ϕ U ψ iff there is an i ∈ N0 such that λ[i, ∞], π |=LTL ψ and λ[j, ∞], π |=LTL ϕ for all 0 ≤ j < i.

     Slide 40: Other temporal operators
     λ = q1 q2 q3 ... ∈ Q^ω
       λ, π |= Fϕ iff λ[i, ∞], π |= ϕ for some i ∈ N0;
       λ, π |= Gϕ iff λ[i, ∞], π |= ϕ for all i ∈ N0;
     Exercise
     Prove that the semantics does indeed match the definitions Fϕ ≡ ⊤ U ϕ and Gϕ ≡ ¬F¬ϕ.
  11. Slide 41
     [Figure: path λ = q0 q1 q2 q0 q1 q2 ... with states labelled pos0, pos1, pos2, pos0, pos1, pos2, ...]
       λ, π |= F pos1
       λ′ = λ[1, ∞], π |= pos1
       pos1 ∈ π(λ′[0])

     Slide 42
     [Figure: path λ = q0 q1 q2 q0 q1 q2 ... with states labelled pos0, pos1, pos2, pos0, pos1, pos2, ...]
       λ, π |= GF pos1 iff
         λ[0, ∞], π |= F pos1 and
         λ[1, ∞], π |= F pos1 and
         λ[2, ∞], π |= F pos1 and
         ...

     Slide 43: Representation of paths
     Paths are infinite entities.
     They are theoretical constructs.
     We need a finite representation!
     Such a finite representation is given by a transition system or a pointed Kripke structure.

     Slide 44: Computational vs. behavioral structure
     [Figure: a system and its computational structure with states q0, q1, q2 labelled pos0, pos1, pos2]
  12. Slide 45: Computational structure and behavioral structure
     [Figure: computational structure with states q0, q1, q2 labelled pos0, pos1, pos2, beside its behavioral structure, a tree rooted in q0]
     Important!
     The behavioral structure is usually infinite! Here, it is an infinite tree. We say it is the q0-unfolding of the model.

     Slide 46: Some Exercises
     Example 1.15
     Formalise the following as LTL formulae:
       1 r should never occur.
       2 r should occur exactly once.
       3 At least once r should directly be followed by s.
       4 r is true at exactly all even states.
       5 r is true at each even state (the odd states do not matter). Does r ∧ G(r ∧ XXr) work?

     Slide 47: Relation to first-order logic (1)
       1 The monadic first-order theory of (linear) order, FO(≤) (see Slide 29) is equivalent to LTL.
       2 There is a translation from sentences of LTL to sentences of FO(≤) and vice versa, such that the LTL sentence is true in λ, π iff its translation is true in the associated first-order structure.

     Slide 48: Relation to first-order logic (2)
     More precisely: an infinite path λ is described as a first-order structure with domain N and predicates P_p for p ∈ Prop. The predicates stand for the set of timepoints where p is true. So each path λ can be represented as a structure N_λ = (N, ≤^N, P_1^N, P_2^N, ..., P_n^N).
     Then each LTL formula φ translates to a first-order formula α_φ(x) with one free variable s.t.
       φ is true in λ[n, ∞] iff α_φ(n) is true in N_λ.
     And conversely: for each first-order formula with a free variable there is a corresponding LTL formula s.t. the same condition holds.
  13. 1 Linear and Branching Time: 1.3 Linear Time Logic

Slide 49: The formulae GFp, FGp
1. What are their counterparts in FO(≤)?
2. We will see later that FGp does not belong to CTL, but to CTL∗. It is not even equivalent to a CTL formula.
3. However, GFp is equivalent to a CTL formula: AGAFp

Slide 50: Some Remarks
1. A particular logic LTL is determined by the number n of propositional variables. Strictly speaking, this number should be a parameter of the logic. This also applies to the logics CTL and ATL.
2. While both F and G can be expressed using U, the converse is not true: U cannot be expressed by F and G.

Slide 51: Satisfiability of LTL formulae
A formula is satisfiable if there is a path where it is true. Can we restrict the structure of such paths? I.e. can we restrict to simple paths, for example paths that are periodic?
If this is the case, then we might be able to construct counterexamples more easily, as we need only check very specific paths.
It would also be useful to know how large the period is and within which initial segment of the path it starts, depending on the length of the formula ϕ.

Slide 52: Satisfiability of LTL formulae (cont.)
Theorem 1.16 (Periodic model theorem [Sistla and Clarke, 1985])
A formula ϕ ∈ L_LTL is satisfiable iff there is a path λ which is ultimately periodic, and the period starts within 2^(1+|ϕ|) steps and has a length which is ≤ 4^(1+|ϕ|).
[Figure labels: 2^O(n), 4^O(n)]
  14. 1 Linear and Branching Time: 1.4 Branching Time Logic

Slide 53
1.4 Branching Time Logic

Slide 54: Branching Time
CTL, CTL∗: Computation Tree Logics.
Reasoning about possible computations of a system.
Time is branching: We want all possible computations included!
Models: states (time points, situations), transitions (changes). (Kripke models)
Paths: courses of action, computations. (LTL)

Slide 55
Path quantifiers: A (for all paths), E (there is a path);
Temporal operators: X (nexttime), F (finally), G (globally) and U (until);
CTL: each temporal operator must be immediately preceded by exactly one path quantifier;
CTL∗: no syntactic restrictions.

Slide 56
Example 1.17 (Branching Time)
[Figure: a structure with states q0, q1, q2, q3, q4, labelled with p and q]
In this structure, whenever p holds at some timepoint, then there is a path where q holds in the next step and there is (another) path where ¬q holds in the next step. And this holds along all paths (there are three infinite paths).
  15. 1 Linear and Branching Time: 1.4 Branching Time Logic

Slide 57
Definition 1.18 (L_CTL∗ [Emerson and Halpern, 1986])
The language L_CTL∗(Prop) is given by all formulae generated by the following grammar:
   ϕ ::= p | ¬ϕ | ϕ ∨ ϕ | Eγ
where
   γ ::= ϕ | ¬γ | γ ∨ γ | γ U γ | Xγ
and p ∈ Prop. Formulae ϕ (resp. γ) are called state (resp. path) formulae.
We use the same abbreviations as for L_LTL:
   λ, π |= Fϕ iff λ[i, ∞], π |= ϕ for some i ∈ N0;
   λ, π |= Gϕ iff λ[i, ∞], π |= ϕ for all i ∈ N0;

Slide 58
The L_CTL∗-formula EFϕ, for instance, ensures that there is at least one path on which ϕ holds at some (future) time moment.
The formula AFGϕ states that ϕ holds almost everywhere. More precisely, on all paths it always holds from some future time moment.
L_CTL∗-formulae do not only talk about temporal patterns on a given path, they also quantify (existentially or universally) over such paths.
The logic is complex! For practical purposes, a fragment with better computational properties is often sufficient.

Slide 59
Definition 1.19 (L_CTL [Clarke and Emerson, 1981])
The language L_CTL(Prop) is given by all formulae generated by the following grammar, where p ∈ Prop is a proposition:
   ϕ ::= p | ¬ϕ | ϕ ∨ ϕ | E(ϕ U ϕ) | EXϕ | EGϕ.
We introduce the following macros:
   Fϕ ≡ ⊤ U ϕ,
   AXϕ ≡ ¬EX¬ϕ,
   AGϕ ≡ ¬EF¬ϕ, and
   Aϕ U ψ ≡ . . . Exercise!

Slide 60
For example, AGEXp is a L_CTL-formula whereas AGFp is not.
Example 1.20 (CTL∗ or CTL?)
Are the following CTL∗ or CTL formulae? What do they express?
1. EFAXshutdown
2. EFXshutdown
3. AGFrain
4. AGAFrain (Is it different from (3)?)
5. EFGbroken
6. AG(p → (EXq ∧ EX¬q))
  16. 1 Linear and Branching Time: 1.4 Branching Time Logic

Slide 61
The precise definition of Kripke structures is given in Section 4. To understand the following definitions it suffices to note that:
Given a set of states Q (each is a propositional model), a Kripke model M is simply a tuple (Q, R) where R ⊆ Q × Q is a binary relation.
q1 R q2 (also written (q1, q2) ∈ R or R(q1, q2)) means that state q2 is reachable from state q1 (by executing certain actions).
The relation R is serial: for all q there is a q′ such that q R q′. This ensures that our paths are infinite.
Given a state q in a Kripke model, by Λ(q) we mean the set of all paths determined by the relation R starting in q: q, q1, q2, . . . , qi, . . . where q R q1, . . . , qi R qi+1, . . .

Slide 62
Definition 1.21 (Semantics |=CTL∗)
Let M be a Kripke model, q ∈ Q and λ ∈ Λ. The semantics of L_CTL∗- and L_CTL-formulae is given by the satisfaction relation |=CTL∗ for state formulae by
   M, q |=CTL∗ p iff λ[0] ∈ π(p) and p ∈ Prop;
   M, q |=CTL∗ ¬ϕ iff M, q ⊭CTL∗ ϕ;
   M, q |=CTL∗ ϕ ∨ ψ iff M, q |=CTL∗ ϕ or M, q |=CTL∗ ψ;
   M, q |=CTL∗ Eϕ iff there is a path λ ∈ Λ(q) such that M, λ |=CTL∗ ϕ;

Slide 63
and for path formulae by:
   M, λ |=CTL∗ ϕ iff M, λ[0] |=CTL∗ ϕ;
   M, λ |=CTL∗ ¬γ iff M, λ ⊭CTL∗ γ;
   M, λ |=CTL∗ γ ∨ δ iff M, λ |=CTL∗ γ or M, λ |=CTL∗ δ;
   M, λ |=CTL∗ Xγ iff λ[1, ∞], π |=CTL∗ γ; and
   M, λ |=CTL∗ γ U δ iff there is an i ∈ N0 such that M, λ[i, ∞] |=CTL∗ δ and M, λ[j, ∞] |=CTL∗ γ for all 0 ≤ j < i.
Is this complicated semantics over paths necessary for CTL?

Slide 64: State-based semantics for CTL
   M, q |=CTL p iff q ∈ π(p);
   M, q |=CTL ¬ϕ iff M, q ⊭CTL ϕ;
   M, q |=CTL ϕ ∨ ψ iff M, q |=CTL ϕ or M, q |=CTL ψ;
   M, q |=CTL EXϕ iff there is a path λ ∈ Λ(q) such that M, λ[1] |=CTL ϕ;
   M, q |=CTL EGϕ iff there is a path λ ∈ Λ(q) such that M, λ[i] |=CTL ϕ for every i ≥ 0;
   M, q |=CTL Eϕ U ψ iff there is a path λ ∈ Λ(q) such that M, λ[i] |=CTL ψ for some i ≥ 0, and M, λ[j] |=CTL ϕ for all 0 ≤ j < i.
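The state-based semantics for CTL can be evaluated by labelling states with fixpoints rather than enumerating infinite paths. The following Python code is an added example, not part of the original slides; the tuple encoding of formulae, the function names and the carriage transition relation (from every position: stay, clockwise or anticlockwise) are assumptions made for illustration.

```python
"""CTL state labelling over a finite serial Kripke model (added example)."""

# Constructed model: the carriage with three positions. Assumption: from
# every position it may stay, move clockwise or move anticlockwise.
STATES = {"q0", "q1", "q2"}
R = {(a, b) for a in STATES for b in STATES}
LABEL = {"q0": {"pos0"}, "q1": {"pos1"}, "q2": {"pos2"}}

def pre(R, target):
    """States with at least one R-successor in target (the EX step)."""
    return {a for (a, b) in R if b in target}

def sat(f, states, R, label):
    """Return the set of states satisfying CTL formula f (nested tuples)."""
    op = f[0]
    if op == "true":
        return set(states)
    if op == "ap":
        return {q for q in states if f[1] in label[q]}
    if op == "not":
        return set(states) - sat(f[1], states, R, label)
    if op == "or":
        return sat(f[1], states, R, label) | sat(f[2], states, R, label)
    if op == "EX":
        return pre(R, sat(f[1], states, R, label))
    if op == "EU":  # least fixpoint: psi, or phi with a successor already in
        phi, psi = sat(f[1], states, R, label), sat(f[2], states, R, label)
        result = set(psi)
        while True:
            new = result | (phi & pre(R, result))
            if new == result:
                return result
            result = new
    if op == "EG":  # greatest fixpoint: phi with a successor that stays in
        result = sat(f[1], states, R, label)
        while True:
            new = result & pre(R, result)
            if new == result:
                return result
            result = new
    raise ValueError(f"unknown operator: {op}")

# Macros from Definition 1.19, plus the standard AF phi = not EG not phi.
def EF(f): return ("EU", ("true",), f)
def AF(f): return ("not", ("EG", ("not", f)))
def AG(f): return ("not", EF(("not", f)))
```

On this model `sat(EF(("ap", "pos1")), STATES, R, LABEL)` contains q0 while `sat(AF(("ap", "pos1")), STATES, R, LABEL)` does not, because the carriage may stay at pos0 forever.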
  17. 1 Linear and Branching Time: 1.4 Branching Time Logic

Slide 65: LTL as subset of CTL∗
LTL is interpreted over infinite chains (infinite words), but not over (serial) Kripke structures (which are branching).
To consider LTL as a subset of CTL∗, one can just add the quantifier A in front of a LTL formula and use the semantics of CTL∗. For infinite chains, this semantics coincides with the LTL semantics.
The theorem of Clarke and Draghicescu gives a nice characterization of those CTL∗ formulae that are equivalent to LTL formulae.
Given a CTL∗ formula ϕ, we construct ϕ′ by just forgetting all path operators.
Then ϕ is equivalent to a LTL formula iff ϕ and Aϕ′ are equivalent under the semantics of CTL∗.

Slide 66: Application of Clarke and Draghicescu
We consider the LTL formula GFp. Viewed as a CTL∗ formula it becomes AGFp. But this is equivalent (in CTL∗) to AGAFp, a CTL formula.
Now we consider the CTL formula EGEFp. It is not equivalent to any LTL formula. This is because EGEFp and AGFp are not equivalent in CTL∗:
[Figure: a structure with states q0, q1, q2, labelled with p]
The first formula holds, the second does not.

Slide 67: LTL as subset of CTL∗ (2)
How do LTL and CTL compare?
The CTL formula AG(p → (EXq ∧ EX¬q)) describes Kripke structures of the form in Example 1.17. No LTL formula can describe this class of Kripke structures.
The LTL formula AF(p ∧ Xp) cannot be expressed by a CTL formula. Check why neither AF(p ∧ AXp) nor AF(p ∧ EXp) are equivalent. Similarly, the LTL formula AFGp cannot be expressed by a CTL formula.
There is a syntactic characterisation of formulae expressible in both CTL and LTL. Model checking in this class can be done more efficiently. We refer to [Maidl, 2000].

Slide 68
Example 1.22 (Robots and Carriage)
Two robots push a carriage from opposite sides.
Carriage can move clockwise or anticlockwise, or it can remain in the same place.
3 positions of the carriage.
We label the states with propositions pos0, pos1, pos2, respectively, to allow for referring to the current position of the carriage in the object language.
Figure 1: Two robots and a carriage.
  18. 1 Linear and Branching Time: 1.4 Branching Time Logic

Slide 69
Figure 2: Two robots and a carriage: A schematic view (left) and a transition system M0 that models the scenario (right).

Slide 70
[Figure: transition system M0 with states q0, q1, q2 labelled pos0, pos1, pos2]
M0, q0 |=CTL EFpos1: In state q0, there is a path such that the carriage will reach position 1 sometime in the future.
The same is not true for all paths, so we also have: M0, q0 ⊭CTL AFpos1.
It becomes more interesting if abilities of agents are considered: ATL.

Slide 71: Example: Rocket and Cargo
A rocket and a cargo.
The rocket can be moved between London (proposition roL) and Paris (proposition roP).
The cargo can be in London (caL), Paris (caP), or inside the rocket (caR).
The rocket can be moved only if it has its fuel tank full (fuelOK).
When it moves, it consumes fuel, and nofuel holds after each flight.

Slide 72: Example: Rocket and Cargo
[Figure: transition system with states 1 to 12, each labelled with the rocket position (roL or roP), the fuel status (nofuel or fuelOK) and the cargo position (caL, caR or caP)]
roL → E♦roP
AG(roL ∨ roP)
roL → AX(roP → nofuel)
  19. 1 Linear and Branching Time: 1.4 Branching Time Logic

Slide 73: Example: Rocket and Cargo
[Figure: transition system with states 1 to 12, each labelled with the rocket position (roL or roP), the fuel status (nofuel or fuelOK) and the cargo position (caL, caR or caP)]
E♦caP

Slide 74
In our logics, we assumed a serial accessibility relation: no deadlocks are possible. One can also allow states with no outgoing transitions.
In that case, in the semantical definition of E on Slide 65 one has to replace "there is a path" by "there is an infinite path or one which cannot be extended". Similar modifications are needed in the definition of CTL.
One can also add to each state with no outgoing transitions a special transition leading to a new state that loops into itself.
How to express that there is no possibility of a deadlock?
   AGX⊤ (CTL∗)
   AGEX⊤ (CTL)

Slide 75
[Figure: A Venn diagram showing typical formulae in the respective areas.]

Slide 76
2. Cooperative Agents
   Alternating-Time Temporal Logics
   Imperfect Information
