5.2.1
Syntax and Semantics
In this section, we present the syntax and semantics of TCTLG.
Definition 5.1 (Syntax of TCTLG). The syntax of TCTLGis defined recursively as follows:
ϕ ::= ρ | ¬ϕ | ϕ ∨ ϕ | EX ϕ | E(ϕ U ϕ ) | A(ϕ U ϕ ) | T T ::= T∆k
p (i, j, ϕ, ϕ) | Tc∆k(i, j, ϕ, ϕ)
where ρ, E, A, X , ∨, and U are defined in Definition 2.1 (Chapter 2). The trust operator T represents the trust relationship between two agents. There are two trust modalities: T∆k p and T∆k
c , that represent respectively preconditional and conditional graded trust. From the syntax perspective, T∆k
p (i, j, ψ, ϕ) expresses that “the truster i trusts the trustee j to bring about ϕ given that the precondition ψ holds with a degree of trust ∆k", where k is a rational number in [0, 1], and ∆ is a relation symbol in the set {≤, ≥, <, >, =}. While the formula T∆k
c (i, j, ψ, ϕ) reads as “agent i trusts agent j about the consequent ϕ when the antecedent ψ holds with a degree of trust ∆k". It is worth pointing that the advantage of representing the trustworthiness of an agent by a single real number format is that it is obvious for an agent to estimate her degrees of trust and to distinguish between certain agents in order to
choose the one satisfying their personal expectations. In fact, we can say that when k = 0, it means the trust has not been achieved, however, when k = 1, the trust has been perfectly fulfilled. Moreover, when the degree of trust k = 1, the standard trust operators Tp(i, j, ψ, ϕ) and Tc(i, j, ψ, ϕ) can be obtained as abbreviations:
Tp(i, j, ψ, ϕ) , Tp≥1(i, j, ψ, ϕ) and Tc(i, j, ψ, ϕ) , Tc≥1(i, j, ψ, ϕ).
Definition 5.2 (Semantics of TCTLG). The semantics of TCTLG formulae is interpreted using a model (MG) generated from Vector-based interpreted systems introduced in Section 3.3 above. Given the model MG, the satisfaction of a TCTLGformula ϕ in a global state s, denoted as (MG, s) |= ϕ, is recursively defined as follows:
• (MG, s) |= ρ iff ρ ∈ VG(s); • (MG, s) |= ¬ϕ iff s 2 ϕ;
• (MG, s) |= ϕ1∨ ϕ2iff s |= ϕ1or s |= ϕ2;
• (MG, s) |= EX ϕ iff there exists a path π starting at s such that π(1)) |= ϕ;
• (MG, s) |= E(ϕ1U ϕ2) iff there exists a path π starting at s such that for some k ≥ 0, π(k)) |= ϕ2and ∀0 ≤ i < k, π(i)) |= ϕ1;
• (MG, s) |= A(ϕ1U ϕ2) iff for all paths π starting at s, there exists some k ≥ 0 such that π(k)) |= ϕ2and ∀0 ≤ i < k, π(i)) |= ϕ1;
• (MG, s) |= Tp∆k(i, j, ψ, ϕ) iff s |= ψ ∧ ¬ϕ and ∃s06= s such that s i→ j s0, and |s i→ js0: s06= s & s0|= ϕ|
|s i→ js0: s06= s|
∆k;
• (MG, s) |= T∆k
c (i, j, ψ, ϕ) iff s |= ¬ϕ and ∃s06= s such that s i→ j s0and s0|= ψ, and |s i→ j s0: s06= s & s0|= ψ ⇒ ϕ|
|s i→ js0: s06= s|
For atomic propositions, Boolean connectives, and temporal modalities, the relation |= is defined in the standard manner (see for example [21]). The intuition behind the se- mantics of T∆k
p (i, j, ψ, ϕ) and Tc∆k(i, j, ψ, ϕ) is: the degrees of trust that an agent associates to a formula ϕ in a global state s is the ratio between the number of states s0distinguishable and accessible from s and satisfying ϕ (i.e., |s i→ js0: s06= s & s0|= ϕ|), and the total number of distinguishable and accessible states from s (i.e., |s i→ js0: s06= s|).
Example 5.1. We now give examples of natural preconditional and conditional quantita- tive properties that can be expressed with TCT LG. Let us consider a model for On-line Shopping System where atomic propositions include Deliver and Pay. Formula (5.1) specifies that it is not possible, with degree at least0.95, for the buyer to trust the seller to deliver the requested items if the payment has not been made.
¬ EF Tc≥0.95(buyer, seller, ¬payment, deliver) (5.1)
Formula (5.2) states that the buyer trusts that the seller will deliver the requested items in 75% of the cases under the condition that the latter has already received the payment.
EF Tp≥0.75(buyer, seller, payment, deliver) (5.2)
Figure 5.2 illustrates the model of Formula(5.2).
5.2.2
Reasoning Postulates
We consider in this section several postulates that reflect common reasoning patterns that are valid in all TCT LG models. These postulates hold for both preconditional and condi- tional trust. Thus, we will use T∆kas a common operator instead of T∆k
~𝑖→𝑗 ~𝑖→𝑗 𝑣𝑖 𝑣𝑗 𝑖 𝑗 1 𝑝𝑎𝑦𝑚𝑒𝑛𝑡 ∧ ¬𝑑𝑒𝑙𝑖𝑣𝑒𝑟 ~𝑖→𝑗 ~𝑖→𝑗 ~𝑖→𝑗 ~𝑖→𝑗 𝑠0 𝑠1 𝑠4 𝑣𝑖 𝑣𝑗 𝑖 𝑗 1 𝑣𝑖 𝑣𝑗 𝑖 𝑗 1 𝑣𝑖 𝑣𝑗 𝑖 𝑗 1 ~𝑖→𝑗 ¬𝑑𝑒𝑙𝑖𝑣𝑒𝑟 𝑑𝑒𝑙𝑖𝑣𝑒𝑟 𝑑𝑒𝑙𝑖𝑣𝑒𝑟 𝑠3 𝑣𝑖 𝑣𝑗 𝑖 𝑗 1 ~𝑖→𝑗 ~𝑖→𝑗 𝑑𝑒𝑙𝑖𝑣𝑒𝑟 𝑠2 ~𝑖→𝑗
Figure 5.2: A model that satisfies the formula (5.2)
we omit i and j in the postulates as far as the truster and trustee are understood, so we simply write T∆k(ψ, ϕ).
1. T∆k1(ψ, ϕ) ⇒ @k
2: T∆k2(ψ, ¬ϕ)
2. T≥1(ψ1, ϕ1) ∧ T∆k(ψ2, ϕ2) ⇒ T∆k(ψ1∧ ψ2, ϕ1∧ ϕ2) The following rules are instances of this postulate:
– T≥1(ψ1, ϕ1) ∧ T≤0(ψ2, ϕ2) ⇒ T≤0(ψ1∧ ψ2, ϕ1∧ ϕ2) – T≥1(ψ1, ϕ1) ∧ T≥1(ψ2, ϕ2) ⇒ T≥1(ψ1∧ ψ2, ϕ1∧ ϕ2) 3. T≤k(ψ, ϕ1) ⇒ T≤k(ψ, ϕ1∧ ϕ2)
The following postulate (4) derives from postulate 3: 4. T≤k1(ψ 1, ϕ1) ∧ T≤k2(ψ2, ϕ2) ⇒ T≤min(k1,k2)(ψ1∧ ψ2, ϕ1∧ ϕ2) 5. T≤k1(ψ 1, ϕ1) ∧ T∆k2(ψ2, ϕ2) ⇒ T≤max(k1,k2)(ψ1∧ ψ2, ϕ1∧ ϕ2) 6. T≤k1(ψ, ϕ 1∧ ϕ2) ∧ ¬ϕ1⇒ ∃k2≥ k1 s.t. T≤k2(ψ, ϕ1) 7. T≥k(ψ, ϕ1∧ ϕ2) ∧ ¬ϕ1⇒ T≥k(ψ, ϕ1) 8. T≥k1(ψ , ϕ ) ∧ T≥k2(ψ , ϕ ) ⇒ T≥max(k1+k2−1,0)(ψ ∧ ψ , ϕ ∧ ϕ )
9. T≤k(ψ, ϕ1∨ ϕ2) ⇒ T≤k(ψ, ϕ1) 10. T≥k(ψ, ϕ1) ∧ ¬ϕ2⇒ T≥k(ψ, ϕ1∨ ϕ2) 11. T≥k1(ψ, ϕ
1) ∨ T≥k2(ψ, ϕ2) ∧ ¬ (ϕ1∨ ϕ2) ⇒ T≥min(k1,k2)(ψ, ϕ1∨ ϕ2)
12. T≥k(ψ, ϕ1∨ ϕ2) ⇒ ∃k1, k2 s.t. T≥k1(ψ, ϕ1) ∧ T≥k2(ψ, ϕ2) ∧ k1+ k2≥ k
13. From T≥k(ψ, ϕ1) and ϕ1` ϕ2and ¬ϕ2infer T≥k(ψ, ϕ2) 14. From T≤k1(ψ, ϕ
1) and ϕ1` ϕ2and ¬ϕ2 infer ∃k2≥ k1 s.t. T≤k2(ψ, ϕ2)