Content uploaded by José Luis Vilchis Medina
Author content
All content in this area was uploaded by José Luis Vilchis Medina on Apr 18, 2020
Content may be subject to copyright.
A Resilient Behavior Approach Based on
Non-monotonic Logic
Jos´e Luis Vilchis Medina1and Pierre Siegel1and Vincent Risch1and Andrei
Doncescu2
1Aix-Marseille Univ, Universit´e de Toulon, CNRS, LIS
Marseille, France
{joseluis.vilchismedina,pierre.siegel,vincent.risch}@lis-lab.fr
2LAAS, CNRS
Toulouse, France
andrei.doncescu@laas.fr
Abstract. In this article we present an approach for representing a re-
silient system which has the capability of absorb perturbations and over-
come a disaster. A framework called KOSA is depicted, which is a world
that contains a set of knowledge describing objectives, states and actions,
linked by a set of rules. This link is expressed by a default theory. First,
we define resilience as a relation among states and objectives. Secondly,
from a given state, extensions are calculated, which provides informa-
tion where to go to the future state. The connection, among two or more
states creates different configurations that we call trajectories. These
connections represent an evolution of the knowledge. Consequently, this
reveals the existence of a resilient trajectory. Examples of piloting an
airplane are concerned through this paper. Eventually, we present a dis-
crete theoretical behavior of the complete model. Finally the notion of
distance among extensions is introduced.
1 Introduction
In every approaches, resilience always concerns the capability for a system to
absorb perturbations and overcome a disaster1 2. For example, nature exhibits
many resilient behaviors: flock of birds, school of fish, ecological disasters. . . This
behavior allows flocks of birds and schools of fishes to survive in an uncertainty
environment, looking for food in order to preserve the species despite of preda-
tors. Ecological disasters such as seaquakes, tornados and earthquakes involve a
resilient behavior since in all the cases after disasters occurred, elements of the
nature will find an equilibrium point. These examples can be translated in an
abstract way. For instance, if we consider two systems, s1and s2, which both
are connected in some manner there exists two types of connections with a view
to keep a balance among both systems. First, a positive feedback is a process in
1https://en.wikipedia.org/wiki/Resilience
2https://dictionary.cambridge.org/search/english/direct/?q=resilience
1
which the effects of small perturbations in s1affects s2, producing disturbances
in s2which in turn will also affect s1. This can lead to collapse of both s1and
s2. A positive feedback causes instability, the output of a system is generally an
exponential growing, chaotic behavior or diverge from an equilibrium point. On
the other hand, a negative feedback produces a reduction at its output, leading
to stability or equilibrium point, reducing the effects of disturbances [1, 2].
1.1 Resilience: State of the Art
Here, we consider Holling’s definition about resilience. He defined it regarding
four properties: reorganization,exploration,release and conservation [3, 4]. Re-
silience was recently studied from a logical point of view: non-monotonic logic [5]
was used to describe, mainly, two of the four properties defined by Holling: explo-
ration and conservation (mostly, to explore solutions and conserve consistency
when facing of perturbations).
From this view, we discuss some questions that motivated this study: What
is the relation among states and objectives? Is there a resilient behavior? Are
there resilient trajectories?
In this article, we introduce a model which allows to understand the prop-
erty of resilience and the interactions among the elements of a system. Regard-
ing the first question about the relation among states and objectives, this is a
non-monotonic relation. Thanks to non-monotonic logic, we can formalize con-
tradictories states, when perturbations occurred, and conserve the consistency
of the knowledge according to the objectives. Regarding the resilient behavior
and resilient trajectories, we need define some concepts. In general physics, a
trajectory is defined as the successions of the positions of a body in a framework
[6, 7]. In here, a trajectory will be defined as successions of jumps among fixed
points. A fixed-point [8] is a solution of an equation or a system of equations.
These fixed points are obtained using defaults from a default theory. This default
theory is the core of default logic [9] that is a type of non-monotonic logic [10].
To get a resilient behavior, we redefine Minsky model which, according to Mar-
vin Minsky [11, 12], refers to three fundamental parts: a current state in which a
situation develops, a second state on which we want to stay, and finally, the dif-
ference among both states. Through this study, examples of piloting an airplane
are going to be explained. There are many cases that involve contradictories sit-
uations, e.g. emergency landing, bad human decisions, system failures. . .[13–15].
Recently, fatal accidents have occurred with 737 airplanes operated by Boieng3.
On the one hand, software in MCAS4was not resilient to adapt the physical
modifications of the engines in order to optimize fuel consummation. On the
other hand, pilots on board also were not resilient to overcome the situation
since they were not trained to solve the bad measures displayed on the cockpit.
In summary, these problems were the result of two non-resilient systems, because
of a system failure and incomplete information.
3https://www.boeing.com/commercial/737max/737-max-software-updates.page
4Maneuvering Characteristics Augmentation System
2
1.2 Classical Logic
Logic is a particular way of thinking, it studies the formal principles of inference.
This is logical consequences from given axioms. Formal systems, e.g., proposi-
tional, predicate, modal. . . are symbolic constructions in a particular language
which allows to study inference [10]. Propositional logic is defined as least set of
expressions satisfying: >(true) and ⊥(false) are formulas, and if A and B are
formulas: ¬A(not A), A∧B(A and B), A∨B(A or B) and A→B(A implies
B). A proposition can be any sentences, e.g., “It’s a sunny day”, “Robert can
pilot his airplane”. Propositional variables are denoted by a, b, c.. .The sentence
“It’s a sunny day” could be represented by a, and the other sentence “Robert
can pilot his airplane” by b. It can be composed to create complex sentences,
e.g., “It’s a sunny day and Robert can pilot his airplane”, resulting: a∧b. First-
Order Logic (FOL) or predicate logic is an extension of propositional logic that
includes universal and existential quantifiers, ∀and ∃, respectively. Predicates
are denoted by P, Q, R. . .FOL is very expressive, so it is very natural to formal-
ize sentences. For instance, We can formalize the next sentence: “all airplanes
land on wheels”, with the following rule:
∀y, Airplane(y)→Land on wheels(y) (1)
But we also know that some floatplanes are airplanes that do not land on wheels
and some airplanes use skis to land on ice or snow. So, we have the following
rules:
∀y, Ski airplane(y)→Airplane(y) (2)
∀y, Ski airplane(y)→ ¬Land on wheels(y) (3)
We can see that formalizations (1) and (3) are contradictory. This is because clas-
sical logic, such as FOL, is monotonic. This property is very important in the
world of mathematics, because it allows to describe lemmas previously demon-
strated. But this property cannot be applied to uncertain, incomplete informa-
tion or exceptions. In such situations, we would expect adding new information
or set of formulas to a model, the set of consequences of this model to be reduced.
Formally the property of monotony is: A`wthen A∪B`w. The problem leads
directly to the general representation of common sense knowledge. By moving
to non-monotonic framework, we can carry out the principle of explosion and
nevertheless reach a conclusion.
1.3 Default Logic
It is one of the best known formalization for default reasoning, founded by Ray-
mond Reiter. This kind of formalization allows to infer arguments based on
partial and/or contradictory information as premises [9]. A default theory is a
pair ∆= (D, W ), where Dis a set of defaults and Wis a set of formulas in
FOL. A default dis: A(X):B(X)
C(X), where A(X), B(X), C (X) are well-formed for-
mulas. A(X) are the prerequisites,B(X) are the justifications and C(X) are the
3
consequences. Where X= (x1, x2, x3, . . . , xn) is a vector of free variables (non-
quantified). Intuitively a default means,“if A(X) is true, and there is no evidence
that B(X) might be false, then C(X) can be true”. The use of defaults implies
the generation of sets containing the consequences of these defaults, called ex-
tensions. An extension can be seen as a set of beliefs of acceptable alternatives.
Formally, an extension of a default theory ∆is the smallest set Eof logical
formulas for which the following property holds: If dis a default of D, whose the
prerequisite is in E, and the negation of its justification is not in E, then the
consequent of dis in E[9].
Definition 1. Let ∆= (D, W ), an extension Eof ∆is define:
–E=S∞
i=0 Eiwith:
–E0=Wand,
–for i > 0: Ei+1 =T h(Ei)∪{C(X)|A(X):B(X)
C(X)∈D,A(X)∈Ei,¬B(X)6∈ E}
Where as T h(Ei) is the set of formulas have derived from Ei. A default is said to
be normal when defaults have the form: A(X):C(X)
C(X). The main result regarding
normal defaults theories is that at least one extension is always guaranteed.
The original version of the definition of an extension is difficult to compute in
practice. Since it involves checking that ¬B6∈ Ewhile Eis not yet calculated.
In the case of normal defaults, Eis an extension of ∆if and only if: we replace
¬B(X)6∈ Eby ¬C(X)6∈ Ei. Regarding the rules (1) and (3), we can refine the
sentence “all airplanes land on wheels” by “generally, airplanes land on wheels”.
Having a default theory that is composed of D={Airplanes(y):Land on wheels(y)
Land on wheels(y)},
and a knowledge about airplanes:
W={Floatplane(y)→Airplane(y),Floatplane(y)→ ¬Land on wheels(y)}.
Using D, we can note that the prerequisite Airplane(y) is true and the jus-
tification Land on wheels(y) is inconsistent with W, because of:
Floatplane(y)→ ¬Land on wheels(y),
then we cannot conclude that floatplanes land on wheels. But we know that some
floatplanes have wheels, formally, W∪ {Floatplane wheels(y)→Airplane(y)}.
With this a new information, the prerequisite of Dis true and the justification
is consistent, hence we can conclude that there are floatplanes that have wheels
and land on wheels.
2 KOSA
KOSA is an acronym for Knowledge-Objectives-States-Actions framework. It is
a formalization in default logic which allows to study the property of resilience.
KOSA is a theory which use non-temporal logic to describe its evolution. This
theory is used to describe a resilience system.
4
Definition 2. AKOSA theory is a default theory ∆= (D, W ), where W=
(R∪I):
–D is a set of defaults which represents uncertain rules. It contains actions:
A(x):B(x)
C(x), and perturbations: :C(x)
C(x),
–R is a set of formulas in FOL which represents certain rules,
–I is a set of grounded literals which represents the state of a system, thereafter
we will say that Iis a state.
D={d1, d2, d3,· · · }, R ={r1, r2, r3,· · · }, I ={i1, i2, i3,· · · }
Therefore a KOSA theory,∆= (D, (R∪I)), has two types of knowledge:
static and dynamic.Dand Rare static, when KOSA evolves these rules do not
change. On the other hand, Iis the dynamic system.
Definition 3. Atransition is a change of state, ∆= (D, (R∪I)) ∆0=
(D, (R∪I0)). Considering that Dand Rare static, the evolution occurs when I
changes. Hence a transition amounts to I I0.
Example 1. In the context of piloting an airplane, a transition I I0can be as
follows:
D={emergency :Land()
Land() ,¬obstacle :Land()
Land() ,:Y oke()
Y oke() ,:¬M otor()
¬Motor() · · · }
R={Aircraf t() →F light(),· · · }
We have Dand Rthat are fixed rules, and Iwill change, for instance:
I={Altitude(50), Compass(north), AirS peed(80),· · · }
I0={Altitude(80), Compass(west), AirS peed(70),· · · }
Definition 4. Aperturbation is a modification of some values of I(Fig.1 rep-
resents a perturbation that can trigger a transition).
In practice, perturbations can have many causes, e.g. when the pilot pulls the
yoke (yoke’s position changes), the wind changes (airspeed changes), instructions
are given by the control tower (state of flight changes). . . In a real system, pertur-
bations occur very often, e.g., airplane’s position changes even if all parameters
are stables 5.
Definition 5. Atrajectory T={I=i0, i1, i2,· · · , in−1, in=I0}is a sequence
of states with W= (R∪I)consistent (Fig.2 is a trajectory Twith some per-
turbations). A long-term objective I0is the last element of a sequence T, and
intermediates objectives are ikwith 0≤k < n.
5In fact, there are two types of disturbances, internal (pilot pulls the yoke) and
external (changes in the environment). We just mention them but we are not going
to detail them because of place unavailable.
5
I I0
Fig. 1: A vertical arrow represents a perturbation that can trigger a transition.
T={I=i0, i1, i2,· · · , in−1, in=I0}
Fig. 2: A trajectory Twith some perturbations.
For the moment we can consider that short-terms objectives are intermediates
objectives with a reduced number of states. Further on, we will detail the formal
definition of short-term objectives.
Example 2. During a take-off, an airplane should have above stall speed as a
short-term objective. Once take-off is done, he should climb to increase in al-
titude, which is another short-term objective. He will maintain this objective
until he reaches a specific altitude and keep on, a long-term objective. To sum-
marize, piloting an airplane is following different objectives and changing them
depending of the perturbations.
Definition 6. Let ∆aKOSA theory, T is a tra jectory of ∆and I0an objective
of T (that means I0is the last element of T).
–K= (∆, T )is resilient, if for all perturbations on T there exists K0=
(∆, T 0), such that I0is the objective of T0.
–∆is resilient, if for all trajectories T, K= (∆, T )is resilient.
Considering that all the parameters of the states can be modified. We have
that ∆is resilient if K= (∆, T ) can reach an objective I0of T from a perturbed
state Ip, passing from Ipto I0with W= (R∪I) consistent. We give a method
to find a trajectory T using default logic. Consider both K= (∆, T ) and an
objective I0of T. Given a perturbation in the current state I(perturbed state Ip),
this will trigger a calculation of extension E. Selecting the best extension Eit will
be possible to reach I0. For that, we consider that each default has a ponderation
with different criteria (these could be importance, security, legislation, . . . ), e.g.
dx= [C1, C2, . . . , Cm] with Cm∈[0,1,2,...,100]. Then, E={d1, d2. . . }=
{[d1C1, d1C2, . . .],[d2C1, d2C2, . . .]. . . }, that means a default d1has more than two
ponderations criteria d1C1and d1C2, a default d2has more than two ponderations
criteria d2C1and d2C2, and so on. We can see that each extension has multiple
criteria, we need to separate each criterion for each extension. For this we are
inspired by previous research [16,5]. For a given Ewith two default d1, d2and
6
two criteria C1, C2, a normalization can be as follows:
|d1C1|=d1C1
d1C1
+d1C2
d1C1
+· · · +d1Cm
d1C1
|d2C2|=d2C1
d1C2
+d2C2
d1C2
+· · · +d2Cm
d1C2
.
.
..
.
..
.
..
.
.
|dxCm|=dxC1
d1Cm
+dxC2
d1Cm
+· · · +dxCm
d1Cm
If we continue the normalization for all Ecalculated, we will have an array of
extensions Eand normalization criteria. Applying an opportunistic principle [17,
18] which in decision theory is a minimax function, we obtain a solution En. This
Enis the best solution to reach I0. In this way we have the transition from Ip
to I0. However, if there are more perturbations there will be intermediate objec-
tives, resulting a trajectory T={Ip=i0, i1, i2,· · · , in−1, in=I0}. To be more
realistic, we can considerate a system with an long-term objective I0interacting
through an uncertainty environment, a perturbed state Iptriggers a computation
of extensions Eat moment Sp,E={I0, I1, I3, I5}, then an extension I1is chosen
using the same principle as before in this section. At some moment, perturbation
ζ1occurs and extensions are computed one more time: E={I1, I4, I5, I6}, and
I6is selected. This process occurs every moment a perturbation ζoccurs. In this
sense, an objective I0is the concatenation among states Ikand perturbations ζ,
a trajectory can be as follows: T?={I1·ζ0·I6·ζ1·I3·ζ2·I6·ζ3·I5·ζ4·I4·ζ5·I1· · · }.
Depending on the force of ζdifferent trajectories can be generate, for instance:
TM={I5·ζ0·I4·ζ1·I3·ζ2·I6, ζ3·I5·ζ4·I4·ζ5·I6· · · } (Fig.3 represents the
evolution of trajectories).
The different between T?and TMis the magnitudes of the forces ζ, that’s
means if a trajectory is longer then ζhas a great impact and vice-versa. In
practice, grounded states Iare made at each interval of time. This depends of
sampling time of the system.
Definition 7. Let K= (∆, T )resilient where ∆is a KOSA theory and Tis a
trajectory of ∆. There is a strong or safe resilience on T.
–strong resilience is the ability of K= (∆, T )to reach an objective I0(an
objective I0is the last element of T) regardless of the perturbations it suffers,
–safe resilience is the ability of K= (∆, T )to transform a final objective I0
to an intermediate objective I00, in order to maintain in good conditions the
elements of a physical system.
Example 3. In aviation, pilots in a twin-engine aircraft can land with a single
one because the other suffered damage in mid-flight6, this can be considerate as
astrong resilience.
6https://www.cbsnews.com/news/small-plane-makes-emergency-landing-on-new-
jersey-beach-today-2019-06-01/
7
Sp
I0
I1
I2
I3
I4
I5
I6
.
.
.ζ0ζ1ζ2ζ3ζ4ζ5
· · ·
I0
Fig. 3: Evolution of trajectories T?and TM.
Example 4. When an electric motor rotates certain revolutions per minute and
at some point it has a fault. The motor could demand more current to maintain
the revolutions. Thanks to new technology this kind of electrical systems include
protection systems. In case of a fault, it should enter a safe resilience so as not
to damage resistors and transistors due to this excess current.
T={I=i0, i1, i2,· · · , in−1, in=I0}
{i0
2,· · · , i0
n−1, i0
n=I00 =I0}
Fig. 4: A trajectory Twith a perturbation on i1and the transformation of it
with the same objective I0=I00 .
2.1 Minsky’s Model
This is a model that was created by Marvin Minsky [11, 12]. The principle of this
model lies on the fact of having three fundamental parts. First, a current state in
which a situation develops, second at state on which we want to be. Finally, the
difference between both states. The difference are the necessary stages to reach
the desired state (Fig. 5 represents Minsky model). The principle of Minsky
model is introduced in K= (∆, T , I0). This will allow to have a measure of
distance among intermediates objectives. That is, for a given state Iand a long-
term objective I0, this gives a distance to another nearby objective Ik.
Definition 8. For a given state I, a short-term objective is the closest state Ik
where there are fewer disturbances.
8
Want
Now
Diff
Fig. 5: Minsky model.
The purpose of a distance is to know about the shape of the trajectory Tin
∆. To carry out this hypothesis, we include an axis that represents the current
states Iand another axis for the long-term objectives,I0.
Definition 9. Vertical axis (want-axis) contains the objectives I0. Horizontal
axis (now-axis) is composed of the states I(Fig. 6 represents the axis).
Remark 1. A point on want-axis is an objective that is accessible through a tra-
jectory T.
Proposition 1. The radius pof an extension Eis the sum of its ponderations,
considering the intersection of now–want axis as the origin.
Proof. From a given K= (∆, T, I 0) where ∆is a KOSA theory ∆= (D, W =
(R∪I)) each default dxin Dhas criteria defined by dx= [C1, C2, . . . , Cm] with
Cm∈[0,1,2,...,100].
Then, defaults E={d1, d2. . . }={[d1C1, d1C2, . . .],[d2C1, d2C2, . . .]. . . }[9]. To
obtain the radius pof a Ewe sum the values of each poderation. For n > 0, we
have the radius for all defaults Encomputed:
E0=X{d1, d2. . . dx}=p
E1=X{d0
1, d0
2. . . d0
x}=p0
.
.
..
.
..
.
..
.
.
En=X{dn
1, dn
2. . . dn
x}=pn
The representation of the radius pncan be seen in Fig. 6 the representation of
the radius of E0,1,2and a fixed objective I0.
3 Discussion and Conclusion
The importance of using a non-monotonic logic, particulary default logic, is to
be able to find consistent solutions. We presented an approach for representing a
resilient system which has the capability of absorb perturbations and overcome
a disaster. A KOSA theory ∆= (D, W = (R∪I)) is defined with the purpose of
9
now (I)
want (I’)
Objective
p
•
E0
p0•E1
p00
•
E2
Fig. 6: Radius pof defaults E0,1,2and a fixed objective I0(black rectangle).
study a resilient behavior. It is a default theory which use not temporal logic to
describe its evolution. We proved that it exists a resilient trajectory T, for any
perturbation (incomplete, partial and contradictory informations). Considering
that a perturbed state Ipcan be inconsistent. This trajectory is a sequence of
states, T={I=i0, i1, i2,· · · , in−1, in=I0}with W= (R∪I) consistent. A
long-term objective I0is the last element of a sequence T, and intermediates
objectives are ikwith 0 ≤k < n. The introduction of Minsky model to our
KOSA theory is presented, thanks to this we could have a first step to study
the shape of the trajectories T. Also the notion of distance among extensions is
introduced.
To answer the questions that motivated this investigation: What is the re-
lation among states and objectives? We can say that the relation among states
and objectives is non-monotonic. Are there resilient trajectories? We demon-
strated that all ∆is resilient, if K= (∆, T ) can reach an objective I0of T from
a perturbed state Ip, passing from Ipto I0with W= (R∪I) consistent. Is
there a resilient behavior? We demonstrated that exists a resilient behavior, if
all trajectories of ∆are resilient. We presented a discrete theoretical behavior
of the trajectories.
The main objective of this research was to conduct a purely logical study.
KOSA theory does not use learning techniques to infer conclusions which will
be interesting for the future, e.g. it could be the use of this type of method
to learn the necessary rules to achieve an objective. This study provides the
basis for generalizing Definition 6. In which one could consider finding the
universe of resilient trajectories for any perturbation. That is, no matter what
the perturbation is, we could find the universe of trajectories to achieve the
desired objective.
10
A practical application [5] without resilience property was performed on an
embedded computer which calculates the extensions for the stabilization of a
motorized glider.
Acknowledgments
I would like to extend my thanks to the people who contributed their criticisms
and comments in the development of this article, either directly or indirectly.
References
1. Lyapunov, A.M.: The general problem of the stability of motion. International
journal of control 55 (1992) 531–534
2. Bellman, R.: Stability theory of differential equations. Courier Corporation (2008)
3. Holling, C.S.: Resilience and stability of ecological systems. Annual review of
ecology and systematics 4(1973) 1–23
4. Holling, C.S.: Understanding the complexity of economic, ecological, and social
systems. Ecosystems 4(2001) 390–405
5. Medina, J.L.V., Siegel, P., Risch, V., Doncescu, A.: Intelligent and adaptive system
based on a non-monotonic logic for an autonomous motor-glider. In: 2018 15th
International Conference on Control, Automation, Robotics and Vision (ICARCV),
IEEE (2018) 442–447
6. Chepyzhov, V.V., Vishik, M.I.: Attractors for equations of mathematical physics.
Volume 49. American Mathematical Soc. (2002)
7. Benenson, W., Harris, J.W., St¨ocker, H., Lutz, H.: Handbook of physics. Springer
Science & Business Media (2006)
8. Granas, A., Dugundji, J.: Fixed point theory. Springer Science & Business Media
(2013)
9. Reiter, R.: A logic for default reasoning. Artificial intelligence 13 (1980) 81–132
10. Russell, S.J., Norvig, P.: Artificial intelligence: a modern approach. Malaysia;
Pearson Education Limited, (2016)
11. Minsky, M.: A framework for representing knowledge. (1974)
12. Minsky, M.: The emotion machine. New York: Pantheon 56 (2006)
13. Oster, C.V., Strong, J.S., Zorn, C.K.: Why airplanes crash: Aviation safety in a
changing world. Oxford University Press on Demand (1992)
14. Li, G., Baker, S.P., Grabowski, J.G., Rebok, G.W.: Factors associated with pilot
error in aviation crashes. Aviation, space, and environmental medicine 72 (2001)
52–58
15. Oster, C.V., Strong, J.S., Zorn, K.: Why airplanes crash: Causes of accidents
worldwide. Technical report (2010)
16. Toulgoat, I., Siegel, P., Doncescu, A.: Modelling of submarine navigation by non-
monotonic logic. In: 2011 International Conference on Broadband and Wireless
Computing, Communication and Applications, IEEE (2011) 447–454
17. Janis, I.L., Mann, L.: Decision making: A psychological analysis of conflict, choice,
and commitment. Free press (1977)
18. Kahneman, D., Tversky, A.: Prospect theory: An analysis of decision under risk.
In: Handbook of the fundamentals of financial decision making: Part I. World
Scientific (2013) 99–127
11
