Modal Specifications for Composition of Agent Behaviors
Hikmat Farhat
1
and Guillaume Feuillade
2
1
Notre Dame University-Louaize, Zouk Mosbeh, Lebanon
2
IRIT, Universite Paul Sabatier, Toulouse, France
Keywords:
Automated Planning, Behavior Composition.
Abstract:
The goal of the behavior composition problem is to build a complex target behavior using several agent be-
haviors. We propose two extensions to the framework where agent behaviors are modeled by finite transition
system and where the composition is done by coordinating the actions of the agents. The first extension is
done by making the composition indirect: instead of choosing the actions of the agent, the composition is
done by a controller issuing sets of instructions at each step. This allows to model problems where the agents
behaviors are not fully controllable. The second extension is the use of modal specifications as a goal for
the composition. These specifications express (infinite) sets of acceptable behaviors. We give an algorithm to
solve the extended composition problem and we show that these two extensions retain the important properties
of the initial framework and that the synthesis algorithm keep the same complexity.
1 INTRODUCTION
The behavior composition problem is the problem of
realizing a given target behavior by putting together,
in the right way, behaviors that in themselves would
not suffice to achieve the target. Behaviors are an
abstraction of sequences of actions made by agents.
They are suitable to describe any situation where one
is interested in the scheduling : for coordination of
physical agents, for agent being components of some
bigger agent or for online agents such a services.
When it is not the case that one unique agent can
achieve a goal behavior alone, then there is a need
for a composition of several agents in order to build
the desired behavior.
There are many different techniques for building a
composition. This paper focuses on a approach based
on synthesizing a special component, akin to a con-
troller that plays the role of a mediator between the
composition and any other system or user. To this ex-
tent, the problem is a synthesis problem, which is in
essence different from verification problems like the
ones solved by (Lomuscio et al., 2009). Another fo-
cus of the present work is to keep a polynomial com-
plexity while having a framework and specifications
expressive enough for modeling real problems.
This paper extends the work presented in (De Gi-
acomo et al., 2013) which considers a model where
agents behaviors are described by finite transition sys-
tems. This model is referred to in the litterature as the
“Roman Model” (Hull, 2005). In their framework,
the composition is obtained by the synthesis of some
super-agent that has a perfect knowledge about the
other agents and that decides at each step what ac-
tion of the agents must be enabled or disabled. This
super-agent act as a controller from the control the-
ory of (Ramadge and Wonham, 1989). Despite hav-
ing perfect knowledge and being able to control every
action of the agents, some uncertainty remains about
the outcome of the actions because the agents actions
may be nondeterministic. This means that the con-
troller must take into account every possible outcome
for any of the actions it enables.
The work presented in this paper is intended to
provide more flexibility with a more general frame-
work while also adding a class of specifications able
to express a set of constraints over the goal behavior
instead of a rigid single target behavior. In the frame-
work we propose, the controller does not choose the
agent actions but instead gives a set of instruction to
the agent community. The agents then execute actions
tied to the given instructions. This makes the control
over the actions of the agent more indirect and offers
the possibility to model composition problems where
the agent making the composition does not control ev-
ery move of the other agents.
The extension of the notion of target behavior is
done using the modal specifications of (Feuillade and
437
Farhat H. and Feuillade G..
Modal Specifications for Composition of Agent Behaviors.
DOI: 10.5220/0004817804370444
In Proceedings of the 6th International Conference on Agents and Artificial Intelligence (ICAART-2014), pages 437-444
ISBN: 978-989-758-015-4
Copyright
c
2014 SCITEPRESS (Science and Technology Publications, Lda.)
Pinchinat, 2007). A goal for the composition, ex-
pressed with modal specifications, is a set of accept-
able behaviors. These behaviors are expressed by a
language that states when an action is mandatory and
when it is optional. These specifications also come
with some nice properties such as being easy to de-
sign and modular.
We show in this paper that these two extensions
have no negative impact on the complexity of the
problem and we provide the synthesis algorithm. We
also show that the possibility of building a structure
capturing all the controllers still exist in our work as
well as the existence of a most permissive controller.
In section 2 the framework is presented and fol-
lowed by a discussion about the expressivity of the
framework and the advantages it offers. In section 3,
we present the results for the existence of a solution
to the composition problem and the notion of control-
lability. Section 4 is dedicated to the synthesis of con-
trollers. Finally we conclude in section 5.
2 FRAMEWORK
2.1 Behaviors
In this section we define two notions of behavior. First
we define a generic notion of behavior based on fi-
nite state transition systems. Next we introduce the
behavior model used for describing the agents. This
latter model adds preconditions to the actions of the
first behavior model. These preconditions represent
the instructions that are given to the agent and trigger
a corresponding action or even a choice between a set
of actions.
We start by fixing a finite set of actions Act and
a finite set of instruction Ins that we use all along the
paper.
Generic behaviors are defined as transition sys-
tems labeled by the actions of Act. That is: a behavior
B is a tuple
B, b
0
, δ
B
where B is a set of states, b
0
is the initial state and δ
B
B × Act×B is a transition
relation. We say that a behavior is finite when its set
of states is finite.
We represent agents by their possible behaviors.
In this paper agents are represented by transition sys-
tems labeled by a pair of one instruction and one ac-
tion. That is: an agent A is a tuple
A, a
0
, δ
A
where
A is a finite set of states, a
0
is the initial state and
δ
A
A × (Ins ∪{ε}) × Act ×A is the transition rela-
tion.
For behaviors, we write b
σ
b
0
for (b, σ, b
0
) δ
B
and for agents, we write a
i|σ
a
0
for (a, i, σ, a
0
) δ
A
a
1
a
2
a
3
a
0
pat
1
pat
2
m | go
2
m | go
1
back
1
back
2
c | ready
i
1
| go
1
i
2
| go
2
Figure 1: Drone behavior.
and a
σ
a
0
for (a, ε, σ, a
0
) δ
A
.
Intuitively, a
i|σ
a
0
means that, upon receiving the
instruction i in state a, agent A will perform action σ
and enter state a
0
. The instruction i is the precondition
of the action σ. The meaning of the special symbol
ε is that no precondition is required for the agent to
perform the action. Thus a
σ
a
0
means that the agent
A, in state a, will perform the action σ spontaneously
and enter state a
0
.
Note that when a
i|σ
a
0
and a
i|σ
0
a
00
then the
agent may choose between the two actions σ and σ
0
upon recieving i. This can also be the case that the
agent can execute the same action nondeterministi-
caly.
Example 1. Consider a flying drone whose behavior
is depicted on Figure 1. This drone can patrol two dif-
ferent areas named α
1
and α
2
to watch for fire starts.
At any time, it may need maintenance in which case
it has to go back to its base to undergo the necessary
operations such as refueling for example.
The drone starts in state a
0
where it is ready at the
base waiting for instructions. If given the instruction
i
1
, the drone will move to the area α
1
represented by
state a
1
using action go
1
and if given the instruction
i
2
, the drone will move to the area α
2
represented by
state a
2
using action go
2
. In either a
1
or a
2
, the drone
will patrol the area by itself using the action pat
1
or
pat
2
. It may also go back to the base for maintenance
using action back
1
or back
2
and entering state a
3
.
Upon receiving the instruction c, it will output the ac-
tion ready when the maintenance is over and return to
the initial state a
0
. When in α
1
or α
2
, it can be given
the instruction m to change area.
The idea behind this agent model is that when
given instructions, agent will develop some possibly
infinite behavior. Note that the agents may be
ICAART2014-InternationalConferenceonAgentsandArtificialIntelligence
438
nondeterministic and that there is no constraint on
the relation between instruction and actions: an in-
struction given to an agent in a given state may result
in different actions or may trigger a nondeterministic
action.
When several agents operate together, forming an
agent community, they are modeled as a single bigger
agent. Formally, the community of the agents A
1
=
A
1
, a
0
1
, δ
A
1
, . . . , A
n
=
A
n
, a
0
n
, δ
A
n
is represented by
the agent A =
A, a
0
, δ
A
which is the asynchronous
composition of the agents. That is:
its set of state A is A
1
× . . . × A
n
its initial state a
0
is (a
0
1
, . . . , a
0
n
)
its transition relation δ
A
satisfies
((a
1
, . . . , a
n
), i, σ, (a
0
1
, . . . , a
0
n
)) δ
A
if there
exists k {1, . . . , n} such that (a
k
, i, σ, a
0
k
) δ
A
k
and for all l 6= k, a
0
l
= a
l
.
2.2 Modal Specifications
The goal of agent composition is often given as
a target behavior (Sardina, 2007; Balbiani et al.,
2008). We propose in this paper to extend it to a
set of possible target behaviors using modal specifi-
cations for this purpose. Modal specifications have
been introduced to model objectives for control prob-
lems (Feuillade and Pinchinat, 2007). The definition
we use here is the following :
Definition 1 (Modal Specification). A modal specifi-
cation is a tuple S =
S, s
0
, May, Must
where
S is a set of states,
s
0
is the initial state,
May S ×Act×S a deterministic transition func-
tion of allowed transitions,
Must May a deterministic transition function of
necessary transitions
We say that a behavior B =
B, b
0
, δ
B
satisfies
a modal specification S =
h
S, s
0
, May, Must
i
if there
exists a satisfaction relation ρ (B, S) with (b
0
, s
0
)
ρ and for all (b, s) ρ and σ Act we have:
(i) (s, σ, s
0
) Must implies b
0
B with b
σ
b
0
and
(b
0
, s
0
) ρ,
(ii) b
σ
b
0
implies s
0
S with (s, σ, s
0
) May and
(b
0
, s
0
) ρ.
The definition we use here is the one for the modal
automaton and is different from the original definition
of modal specification. However, both definitions
have been proved to be equivalent in (Feuillade and
Pinchinat, 2007). Remark that in order to simplify
the algorithms of the paper, we require that the
two transition relations of modal specification are
deterministic. This is done without loss of generality,
the usual determinization of automaton being easy to
generalize to modal specifications.
Regarding the expressivity of modal specifica-
tions, we show that they are able to express the two
usual composition objectives : simulation and bisim-
ulation.
Let B be a behavior and S =
h
S, s
0
, May, Must
i
be
a modal specification. When May = Must, one can
verify that B satisfies S if and only if B is bisimilar to
the behavior B
S
=
S, s
0
, Must
. This is consequence
of the fact that the satisfaction relation ρ has to be a
bisimulation.
For a modal specification S to specify that a
behavior is similar to a target behavior T =
T, t
0
, δ
t
it suffices that S =
T {>}, t
0
, May, Must
where
> is a special state, Must = δ
t
and May is made into a
complete function. That is for any t T and σ Act,
if (t, σ, t
0
) δ
t
for some t
0
, then (t, σ, t
0
) May and
if there is no such t
0
, then (t, σ, >) May and finally
(>, σ, >) May. The idea for this definition is that
> act as a sink for any transition not in T and allows
the behavior to include freely any transition. As a
consequence, only the Must part of the specification
is relevant, practically meaning that condition (ii)
of the definition of satisfaction by a behavior B is
trivial. In the end, the satisfaction relation ρ is a
simulation between T and B.
Modal specifications go further than simulation
and bisimulation by allowing to express more con-
straints. One can for example specify that if a given
sequence of action occurs then some actions must oc-
cur afterward. This is particularly useful in the case
of failure of one agent or in cases of uncontrollable
events: when an undesired action is taken by the
agent, one may want the community to take appro-
priate measures in reaction. The following example
emphasizes this expressivity.
Example 2. Consider the modal specification S
d
of
Figure 2. In this figure, the transitions of Must are
the solid lines and the transitions of May are both the
solid and dashed lines. This modal specification is
meant to specify the behavior of a community com-
posed of two of the drones represented in Figure 2.
The objective of the community is to maintain one
drone patrolling in each of the two area whenever
possible. If one drone must return to the base for
maintenance, the agents must ensure that the remain-
ing drone patrols in the area α
1
since it is the most
sensible one. The modeling of these constraints is
ModalSpecificationsforCompositionofAgentBehaviors
439
s
6
s
5
s
4
s
3
s
2
s
1
s
0
pat
1
pat
2
pat
1
go
2
go
1
go
1
go
1
pat
1
pat
2
back
1
back
1
back
2
back
2
ready
back
1
readyready
Figure 2: Drone composition specification S
d
.
done by the specification S
d
. The key states of the
specification can be understood as follow :
state s
0
is the initial state. Both drones are ready
and at the base.
in state s
6
, there is one drone in each area.
in state s
5
, the drone which was in area α
1
is back
to base. The other one is still in area α
2
in state s
4
, one drone is at the base and the other
is in area α
1
.
The Must transition ensures that when both drone
are available they are sent in both area. It also en-
sures that whenever the drone in area α
1
is back to
base, the drone in area α
2
is sent to area α
1
(tran-
sition (s
5
, go
1
, s
4
)). When a drone is in position, the
Must transition obligates it to patrol the area. The
May transition specify which transitions are forbid-
den: each transition not in May should not happen.
This is the case for example for the transition go
2
in
state s
6
which would send the drone in area α
1
to area
α
2
.
Another interest of modal specification is their
underlying logical background: in (Feuillade and
Pinchinat, 2007) it is shown that they correspond to a
logic called the conjunctive nu-calculus
1
. This brings
one useful property: one can combine several modal
specifications with an and operator. In practice, this
is done in our setting by merging the initial state of
each modal specification and then applying the deter-
minization algorithm for the May transition. This is
useful for adding simple constraints to a more com-
plex specification. For example the constraint “ev-
ery action α must be followed by an action β can
be modeled by a two states modal specification and
added to a global specification with the and operator.
1
The conjunctive nu-calculus is a fragment of the mu-
calculus without disjunction and with only greatest fix-
points
The underlying logical setting allows for an im-
plicit declaration of the modal specification. We em-
phasize that this is an important improvement over
bisimulation/simulation based techniques where all
the states and transition of the behavior have to be
given explicitly.
One likely practical use of modal specification is
to express some behavior target the compositon has to
simulate and then add some further constraints using
additional independent specifications.
2.3 Control Problem
In our setting, the composition is done by a special
agent. This agent has a perfect knowledge of the cur-
rent state of the other agents and a perfect recall of
the previous events although we will show that this
latter knowledge is not mandatory. Given this knowl-
edge, the agent elects a set of instruction to be given
to the agent community. These instructions are not
given to any particular agent but to the community,
and any agent may respond to the instruction if there
is an available action in its current state whose precon-
dition matches the instruction. The set of instructions
given to the community must be chosen such that the
resulting behavior respects the specification.
We present the agent in charge of the composition
as a controller since one may consider it removes
instructions from the whole set Ins thus restraining
the available behaviors of the community. This
setting is different from the usual control settings
because the controller operates here in an indirect
way by issuing instructions.
We first define the notion of history. Let A =
A, a
0
, δ
A
be an agent community. An history is a
finite sequence of transitions (a
0
σ
0
a
1
. . .
σ
k1
a
k
)
where
the history begins with a
0
which is a
0
,
for all 0 i k 1, a
i
i|σ
i
a
i+1
for some i
Ins∪{ε}.
We use H
A
for the set of histories for A.
A controller C for the community A is a function
C : H
A
2
Ins
.
The controlled behavior of an agent or community
of agents A by a controller C for the specification S is
the behavior B
C
A
=
B, b
0
, δ
B
such that
B = H
A
b
0
is (a
0
), the empty history
ICAART2014-InternationalConferenceonAgentsandArtificialIntelligence
440
h
σ
h
0
in B
C
A
if and only if h
0
is h augmented with
the transition a
k
σ
k
a
k+1
where a
k
is the last state
of h and
either a
k
σ
k+1
a
k+1
is a transition of A
or there exists i C(h) such that a
k
i|σ
k
a
k+1
in
A
The controlled behavior B
C
A
is the unfolding of A
where any transitions with a non-empty precondition
is kept (without the precondition) only if the con-
troller allows it, i.e. when the controller outputs the
corresponding instruction.
Example 3. Let us consider again the example com-
posed of two drones from Figure 1. Let us consider
the controller that is initially issuing all instructions
{i
1
, i
2
, m, c}. Two of these instruction are without any
effect, they are m and c, the other two enable the tran-
sition go
1
and go
2
of each drone. This means that
the controlled behavior has 4 transitions in its initial
state (the empty history) being the two transition for
the two drones.
At some point, if the controller issues the empty set
of instructions while the first drone is in state a
1
and
the second is in state a
2
, there is still 4 uncontrollable
transitions in the corresponding controlled behavior
state, they are pat
1
, back
1
, pat
2
and back
2
.
Now we can state the composition problem in our
framework.
Composition Problem. Given an agent community
A and a modal specification S, does there exist a con-
troller C for A such that the behavior B
C
A
satisfies S .
In Section 3 we show that the notion of controlla-
bility is the key to solving this problem and we pro-
vide an algorithm to compute controllability. How-
ever, when the answer to this problem is positive one
usually wants the composition to be effectively com-
puted. This is the object of Section 4 where we show
that from the output of the controllability algorithm it
is easy to build a specific controller but also to con-
struct a structure that captures all the controllers and
thus allows to switch from a controller to another dur-
ing the execution.
2.4 Framework Discussion
As stated in the introduction, the framework proposed
in this paper extends the one of (De Giacomo et al.,
2013) in two directions: the model for the agents and
their relation with the controller is more general and
the modal specifications offers a better expressivity
for the goals of the composition. The contribution
offered by modal specifications having already been
highlighted, we aim the discussion here toward the
contribution brought by the instruction-based model
of agents.
In the more general version of the Roman model,
the control over the agent is done by the controller
selecting an agent and one action of this agents for
matching one transition of the target behavior. This
means that the controller have a total control over the
actions of the agents except from the fact that some
actions of some agent may be nondeterministic. In
the framework we propose, the Roman model corre-
sponds precisely to the special case where all the ac-
tions are subject to a precondition ; the preconditions
for an action σ in the agent A
k
being some instruction
σ
k
. That is, every transition is of the form a
σ
k
|σ
a
0
.
Because of space constraints, we do not include
in the framework proposed in this paper the notion of
environment and its effect upon the agents. We ensure
the reader that it can be included without modifying
the synthesis algorithm and the complexity results.
The environment has to be considered as embedded in
the agents in the framework of this paper. In practice,
the environement may be responsible for many oc-
curences of nondeterminism, in particular whenever
an agent has two different possible actions when given
an identical instruction.
The improvements over the Roman model offered
by our framework are: first, the actions without pre-
conditions are uncontrollable. It is reasonable that in
an agent setting, some action cannot be controlled.
Some effects of uncontrollable actions can be simu-
lated by nondeterminism but this is not the case where
some agent may become unresponsive to some in-
struction after an uncontrollable action. However, this
mechanism is particularly useful for embedding the
possible failure of some agent component in the ob-
jective of composition and thus making sure there is a
correct answer for this failure in the solution.
Second, an agent in a specific state and given a
specific instruction may respond with some different
actions. This can be a consequence of the fact that
the agent is an abstraction of the real agent, the fact
that the instruction leave the possibility for the agent
to choose autonomously its response to the instruc-
tion, or the fact that the environement may alter the
available response to the instruction at the given state.
Finally, an instruction may be given to a set of
agents and not to one particular agent. This allows
one to represent systems where the agents are more
autonomous about their organization. This can model
for example a set of elevators in the same building:
when a user calls the elevator, she does not know
which elevator will answer her call.
Related works also include the framework of (Bal-
ModalSpecificationsforCompositionofAgentBehaviors
441
biani et al., 2008) where the agents are controlled by
communications. The main difference with this paper
is that in their framework the communications are ac-
tions. This allows to consider asynchronous commu-
nications with the drawback that this causes an expo-
nential blow-up in the composition algorithm because
the communication must be removed for checking the
simulation with the target behavior.
3 CONTROLLABILITY
In this section we present a notion of controllability
inspired by the similar notion from control theory.
Controllability captures the set of positions in the exe-
cution where the control has a solution and practically
gives an optimal answer to the composition problem.
Given A =
A, a
0
, δ
A
a communicating agent and
S =
h
S, s
0
, May, Must
i
a modal specification, it is con-
venient to define, for each pair (a, s) of states of A and
S the notion of acceptable instruction as the set of
instructions that only produce transitions that are al-
lowed by the specification. Formally the set of accept-
able instructions is the subset AI(a, s) of Ins such that
for each i AI(a, s) there is some transition a
i|σ
a
0
only if (s, σ, s
0
) May for some s
0
.
3.1 Controllability
Let A =
A, a
0
, δ
A
be a communicating agent and
S =
h
S, s
0
, May, Must
i
be a modal specification. The
notion of controllability of a state a of A w.r.t a state
s of S captures the fact that there is a solution to the
controller synthesis problem starting in a for satisfy-
ing the specification from state s. Formally the set of
controllable pairs of states in A ×S is the largest rela-
tion ρ A × S with, for all (a, s) ρ
(i) for all σ Act, if a
σ
a
0
for some a
0
A then there
exists s
0
such that (s, σ, s
0
) May and (a
0
, s
0
) ρ
(ii) there exists a subset E of AI(a, s) such that
for all i E, if a
i|σ
a
0
for some a
0
A and
σ Act, then there exists s
0
such that (s, σ, s
0
)
May and (a
0
, s
0
) ρ
for all (s, σ, s
0
) Must either a
σ
a
0
or there is
c E such that a
c|σ
a
0
We say that a state a of A is controllable w.r.t the state
s of S if (a, s) ρ. We say that A is controllable w.r.t
S if (a
0
, s
0
) ρ.
Note that if one considers only item (i) and forgets
communications, ρ is the biggest simulation between
A and S where S is seen as an agent with May as
transition function.
The following result show that controllability an-
swers the composition problem.
Theorem 1. There exists a controller for A w.r.t the
modal specification S if and only if A is controllable
w.r.t S .
Due to space constraints we do not include the
proof in this paper. The idea is that the ρ relation
that is computed here is the relation for the satisfac-
tion of S and that the sets E are the outputs of some
controller.
3.2 Algorithm for Controllability
Our algorithm for computing controllability is very
similar to the one for computing the biggest simula-
tion relation between transition systems. The princi-
ple is to build the controllability relation ρ over A ×S
and at the same time for each pair (a, s), to build a
set E(a, s) Ins which is the E set of item (ii) in the
definition of controllability.
The algorithm first assigns every element of S ×A
to the relation ρ, and assigns the maximal set of
instructions for each such element (which is the set of
acceptable instruction). The next step is the iteration
of a procedure for removing “bad” states until a
fix-point is reached.
Controllability (A,S )
Init. : ρ = A × S and E(a, s) = AI(a, s)
2
Iterate until fix point : foreach
(a, s) ρ do : remove (a, s) from ρ if
either of these condition is met:
there exist a
σ
a
0
and there is no s
0
such that (s, σ, s
0
) May and (a
0
, s
0
) ρ
there exists (s, σ, s
0
) Must and there is
no i E(a, s) {ε} such that a
i|σ
a
0
and
(a
0
, s
0
) ρ.
Note that both items of the algorithm are done lo-
cally. Obviously, the algorithm terminates, and the
bound on the number of iterations is given by the
size of the set A × S. If we consider that A is the
agent community composed by A
1
, . . . A
n
then the al-
gorithm is exponential in n. If we fix n, then the
algorithm is polynomial in the size of the set A × S.
This complexity is the same as the one for the Roman
Model and matches the lower bound of (Muscholl and
Walukiewicz, 2008).
2
Note that the computation of AI is local to pairs of
states.
ICAART2014-InternationalConferenceonAgentsandArtificialIntelligence
442
4 CONTROLLER SYNTHESIS
Since a controller chooses a set of instructions based
upon some history, it is convenient to introduce
a notion of labeled history where the controller
follows the history on the specification at the
same time as on the agents. Formally, given an
agent A =
A, a
0
, δ
A
and a history h H
A
with
h = (a
0
σ
0
a
1
. . .
σ
k1
a
k
), the labeling of h with a
modal specification S =
h
S, s
0
, May, Must
i
is the his-
tory h
S
= ((a
0
, s
0
)
σ
0
(a
1
, s
1
). . .
σ
k1
(a
k
, s
k
)) where
s
0
= s
0
and (s
i
, σ
i
, s
i+1
) May for 0 i k 1.
Remark that such labeling is unique because the
May transition of the specification is deterministic.
From this point on, we define controllers over labeled
history instead of regular histories since there is a one
on one correspondence. We use H
S
A
for the set H
A
labeled by S .
We say that a controller is memoryless when it
does only consider the last state of the labeled history
for deciding its set of instruction. Thus a memoryless
controller is a function C : A × X 2
Ins
. In practice,
a memoryless controller follows the transitions of A
on S but only keep in memory the last pair of states.
4.1 Most Permissive Controller
Modal specifications, when used to specify control
objective, have the property to have a biggest solu-
tion in the sense of the inclusion of behaviors. This
property remains true in the composition setting. The
consequence is that, whenever an instance of the com-
position problem has a solution, then amongst all the
controllers, there is one that produces the largest con-
trolled behavior. Consider the following definition.
Definition 2 (Most Permissive Controller). The most
permissive controller for A and S is the controller
PC : A × S 2
Ins
where c PC(a, s) if and only if
c AI(a, s),
for all a
0
A, s
0
S and σ Act such that a
c|σ
a
0
and (s, σ, s
0
) May, a
0
is controllable w.r.t s
0
.
Remark that this controller is memoryless. The
next theorem states that the controller PC is indeed
the most permissive controller in the sense that it is
the one that gives the most instructions at each step.
Theorem 2. Let A =
A, a
0
, δ
A
be a communicating
agent and S =
h
S, s
0
, May, Must
i
be a modal specifi-
cation. If there exists a controller C for A w.r.t S then
the most permissive controller PC satisfies, for each
labeled history h
S
ending on the pair of states (a, s),
that C(h) PC(a, s).
The synthesis of the most permissive controller
is the synthesis of the maximal controllable subset
of A × S. Since the algorithm we provided in previ-
ous section for controllability works as a greatest fix-
point, is computes exactly this maximal controllable
subset. As a consequence, the controller is the set E
given by the algorithm for controllability.
4.2 Controller Generator
The concept of controller generator has been intro-
duced in (De Giacomo et al., 2013); the key idea is
to build not a single controller but a structure captur-
ing the set of all controllers which are solutions of the
initial problem. The structure captures all the memo-
ryless controller, but also allows to switch at any time
from one to another thus capturing all the controllers
in a finite way.
Definition 3 (Controller Generator). Let A =
A, a
0
, δ
A
be a communicating agent and S =
h
S, s
0
, May, Must
i
be a modal specification. The con-
troller generator for A and S is a partial mapping
CG : A ×S 2
2
Ins
defined by : for all a A and s S
where a is controllable w.r.t s, CG(a, s) is the set of
subsets C of Ins where
(i) C PC(a, s)
(ii) for each σ Act such that (s, σ, s
0
) Must for
some s
0
, we have
either a
0
A with a
σ
a
0
or a
0
A, i C such that a
i|σ
a
0
At each pair (a, s) where a is controllable w.r.t
s, the controller generator associates a set of sets of
instructions. Each of these sets is a correct set of
instructions in the sense that it fulfill the local re-
quirements of the specification and only allow tran-
sitions into some controllable states. Note that the set
CG(a, s) is a lattice whose greatest element is PC(a, s)
but that may not have a least element. The following
theorem ensures that the controller generator captures
all solutions of the composition problem.
Theorem 3. Let A =
A, a
0
, δ
A
be a communicating
agent and S =
h
S, s
0
, May, Must
i
be a modal specifi-
cation. If A is controllable w.r.t S then each controller
C satisfies foreach labeled history h H
S
A
ending on
(a, s) that C(h
S
) CG(a, s).
The synthesis of the controller generator is done
using the following algorithm:
synthesize the most permissive controller PC us-
ing the algorithm for controllability
foreach pair (a, s) A × S where PC(a, s) is de-
fined, compute the minimal subsets satisfying the
ModalSpecificationsforCompositionofAgentBehaviors
443
item (ii) of the definition. The lattice CG(a, s) is
the set of elements included in PC(a, s) and in-
cluding any of these minimal subsets.
The complexity of the algorithm is bounded by
the one of the algorithm for controllability multiplied
by 2
|Ins|
. This remains exponential in the number of
agents and polynomial in number of elements in A×S
if we don’t consider the number of elements in Ins as
a parameter.
5 CONCLUSIONS
This paper extends the framework of the Roman
Model with the notion of instructions. This indirect
mean of control introduces uncontrollability in sev-
eral different ways into the models. This allows one to
tackle new composition problems where some agent
may not behave exactly as predicted or asked to as
well as problems where the agents are keeping some
autonomy. We have also extended the goal of the
composition from a rigid given behavior into a spec-
ification that can be more lenient than bisimulation
but also more strict than simulation. We believe this
is necessary whenever uncontrollable events are con-
sidered in the model. In fact, when one may request a
behavior to at least include a target behavior like sim-
ulation do, it is suitable to be able to add some bounds
to the behaviors that are not requested but produced
by the mean of a permissive controller or by uncon-
trollable actions. We also stress the fact that a more
lenient specification may allow to obtain more solu-
tions for difficult problems. This is particularly true
for planning under the eventuality of failure.
Both extensions we proposed are free in the sense
that they have a cost neither in complexity nor in the
existence of a controller-generator. We also believe
that the expression of the composition of the prob-
lem in safety games is still possible but this point will
need further investigations. The next natural step is
drop perfect information and introduce some form of
partial observation. The question being: is it possible
to introduce partial observation without getting into
the usual exponential blowup.
REFERENCES
Balbiani, P., Cheikh, F., and Feuillade, G. (2008). Compo-
sition of interactive web services based on controller
synthesis. In International Workshop on Web Service
Composition and Adaptation(WSCA’08), pages 521–
528, Honolulu, USA. IEEE.
De Giacomo, G., Patrizi, F., and Sardina, S. (2013). Auto-
matic behavior composition synthesis. Artificial Intel-
ligence Journal, 196:106–142.
Feuillade, G. and Pinchinat, S. (2007). Modal specifica-
tions for the control theory of discrete event systems.
Discrete Event Dynamic Systems, 17(2):211–232.
Hull, R. (2005). Web services composition: a story of mod-
els, automata, and logics. In Web Services, 2005.
ICWS 2005. Proceedings. 2005 IEEE International
Conference on, pages xxx–xxi vol.1.
Lomuscio, A., Qu, H., and Raimondi, F. (2009). Mcmas:
A model checker for the verification of multi-agent
systems. In Bouajjani, A. and Maler, O., editors, CAV,
volume 5643 of Lecture Notes in Computer Science,
pages 682–688. Springer.
Muscholl, A. and Walukiewicz, I. (2008). A lower bound
on web services composition. In Proceedings of the
international conference on Foundations of Software
Science and Computation Structures (FoSSaCS 07),
pages 274–286. Springer.
Ramadge, P. and Wonham, W. (1989). The control of dis-
crete event systems. Proceedings of the IEEE, 77:81–
98.
Sardina, S. (2007). Automatic synthesis of new behaviors
from a library of available behaviors. In In Proc. of
IJCAI 2007, pages 1866–1871.
ICAART2014-InternationalConferenceonAgentsandArtificialIntelligence
444