Download Directed Model Checking – Planning and Model Checking –

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
Document related concepts

Existential risk from artificial general intelligence wikipedia , lookup

Agent-based model in biology wikipedia , lookup

Mathematical model wikipedia , lookup

Transcript 
Directed Model Checking
– Planning and Model Checking –
Stefan Edelkamp
1
Overview
• Planning
• Abstraction and Heuristics in Planning
• Common Ground Planning - Model Checking
• Planning via Model Checking
• e.g. State Trajectory Constraints
• e.g. Model Checking Integrated Planning
• Model Checking via Planning
• e.g. Promela Planning
• e.g. Petri Net Planning
Overview
1
2
Action Planning
Action planning refers to a world description in predicate logic, where
• a number of predicates AP describes what can be true or false in each state of
the world
• by applying operations in a world, we arrive at another world where different
atoms might be true or false
(:action load-truck
:parameters (?obj ?truck ?loc)
:precondition
(and (obj ?obj) (truck ?truck) (loc ?loc)
(at ?truck ?loc) (at ?obj ?loc))
:effect
(and (not (at ?obj ?loc)) (in ?obj ?truck)))
• only some atoms are affected by an operator, most remain unchanged
Action Planning
2
Strips Planning
STRIPS planning problem: finite state space problem P =< S, O, I, G >, where
• S ⊆ 2AP is the set of states,
• I ∈ S is the initial state, G ⊆ S is the set of goal states
• O is the set of operators that transform states into states;
• For O = (P, A, D) ∈ O, P ⊆ AP is the precondition list, A ⊆ AP is the add
list, and D ⊆ AP is the delete list
(:action load-truck-o-t-l
:precondition
(and (at-t-l) (at-o-l))
:effect
(and (not (at-o-l)) (in-o-t)))
Given S with P ⊆ S, its successor is S 0 = (S \ D) ∪ A.
Action Planning
3
Abstraction in Planning
An abstract planning problem P|R = < S|R , O|R , I|R , G|R > of a propositional
planning problem < S, O, I, G > with respect to a set of propositional atoms R is
defined by
1. S|R = {S|R | S ∈ S},
2. G|R = {G|R | G ∈ G},
3. O|R = {O|R | O ∈ O}, with O|R = (P |R , A|R , D|R )
πR : solutions for abstract planning problem P|R
δR : optimal abstract plan length
Action Planning
4
Planning Pattern Databases
A planning pattern database DR with respect to a set of propositions R and a
propositional planning problem < S, O, I, G > is a collection of pairs (v, S) with
v ∈ IR and S ∈ S|R , such that v = δR (S)
DR = {(δR (S), S) | S ∈ S|R }.
opt
An optimal abstract plan πR for P|R is always shorter than an optimal plan π opt for
P, i.e. δR (S|R ) ≤ δ(S), for all S ∈ S
Action Planning
5
Proof:
π = (O1, . . . , Ok ) sequential plan for < S, O, I, G > ⇒ π|R = (O1|R , . . . , Ok |R )
solution for P|R = < S|R , O|R , I|R , G|R >
Suppose, δR (S|R ) > δ(S) for some S ∈ S
π opt = (O1, . . . , Ot): optimal plan from S to G in original planning space P ⇒
π opt|R = (O1|R , . . . , Ot|R ) valid plan in P|R with plan length ≤ t = δ(S)
Contradiction!
Remark: Strict inequality δR (S|R ) < δ(S): some operators Oi|R are void, or ∃
alternative even shorter paths in abstract space
Action Planning
6
3
Relaxed Planning Heuristic
.
Relaxation a+ of (STRIPS) action a = (pre(a), add(a), del(a)) is defined as
a+ = (pre(a), add(a), ∅).
Relaxation of a planning problem: one in which all actions are substituted by their
relaxed counterparts.
Any solution that solves the original plan also solves the relaxed one
h+: length of the shortest plan, that solves the relaxed problem
Solving relaxed plans optimally is NP hard , but decision problem to determine, if a
relaxed problem has a solution, is computationally tractable
Extension to planning problems with numerical state variables and further to
non-linear tasks
Relaxed Planning Heuristic
7
4
Common Ground
Model checker searches counterexample to falsify a given specification, planner
searches for sequence of actions to satisfy a goal
Kripke Structure: finite set of states, set of initial states, transition relation, and state
labeling function.
⇒ propositional planning problems can be modeled based on Kripke structures
Thorem Any propositional deterministic planning problem can be modeled as an
LTL model checking problem.
Achieving any propositional goal g can be expressed in form of a counter-example
to the temporal formula f = A(G ¬g) in LTL.
The inverse is often available, in particular when model checking safety properties
Common Ground
8
5
Planning via Model Checking
• Symbolic Planning: use symbolic state information in form of BDDs to cope
with the increasing number of states to be represented
• Nondeterministic Planning: A plan (state-action table) is weak if for each state
a goal can be reached, strong if all terminal states are goals, and strong cyclic
strong and for each state a terminal one is reachable
• Conformant and Contingent Planning: Belief-state planning (multiple initial
states, partial observation) dealt with e.g. BDDs
• Planning with Temporary Extended Goals: Goal specification extended by
temporal logic formulas
• Planning with Processes and Events: Extended PDDL has been converted to
the timed automata language of the model checker UPPAAL
• Planning with Control-Rules: Hand-tailored planners attach supplementary
information in form of temporal formulae to prune the state space
Planning via Model Checking
9
6
State Trajectory Constraints
. . . one of two rather disjoint language features proposed for IPC-5
• important step of the agreed fragment of PDDL toward the description of
temporal control knowledge and to temporally extended goals
• Conditions that must be met during the execution of a plan
• expressed through temporal model operators with bounded quantification over
domain objects
• feature also higher levels of PDDL, namely metric and temporal planning .
State Trajectory Constraints
10
Automata for the Example Instances
A fragile block can never have something above it is expressed as
(:goal (and (always (forall (?b - block) (implies (fragile ?b) (clear ?b))))
LTL formula for two selected blocks a and b:
G ((fragilea -> cleara) & (fragileb -> clearb))
The corresponding automaton:
State Trajectory Constraints
11
Other Examples
each block should be picked up at least once:
(:goal (and (forall (?b - block) (sometime (holding ?b)))
LTL formula for 2 block LTL: (F holdinga) & (F holdingb)
in some state visited by the plans all blocks are on the table
(:goal (sometime (forall (?b - block) (ontable ?b)))
LTL: F (ontablea & ontableb)
State Trajectory Constraints
12
Other Examples
Each truck should visit each city exactly once is given by
(:goal (and (forall (?t - truck ?c - city) (at-most-once (at ?t ?c)))
(forall (?t - truck ?c - city) (sometime (at ?t ?c))))
LTL formula
F attruckacitya & G (attruckacitya -> (attruckacitya U (G !attruckacitya)))
Corresponding Büchi-Automaton:
State Trajectory Constraints
13
Exploration
Only finite runs to judge, drop Büchi acceptance condition and work with the
corresponding condition for NFAs
Easiest way to implement a planner: state vector s for current planning state is
extended to (s, n), with n being the corresponding automata state
(approach featured in explicit-state model model checkers like SPIN)
Automaton non-deterministic ⇒ successors s0 of s in original plan space may imply
≥ 1 successor (s0, n1), . . . , (s0, nk ) in the extended one.
State Trajectory Constraints
14
Language Compilation
Have the language extensions enriched PDDL language?
Working of the automata: predicate (at-state ?n - state)
Automata Transitions: static predicate (transition ?n1 ?n2 - state).
Accepting States: tag (accepting ?n - state).
Translation: Action for each transition: current automaton state and transition
conditions as preconditions and the successor state as the add effect
Synchronize: automata transition with ordinary actions
Extension more than one state trajectory constraint: introduce additional parameter
?a - automata to the the propositions
State Trajectory Constraints
15
Model Checking Integrated Planning
Initial Work: planning with the µcke model checker
Minimized Encoding: Fact-space exploration, partition and merge predicates
BDD package: Buddy
MIPS at IPC-2: explicit heuristic search algorithms based on bit-vector state
representation and relaxed planning heuristic as well as symbolic heuristic search
Between the Planning Competitions: explicit and symbolic pattern databases
MIPS at IPC-3: PDDL2.1 expressiveness, (plan at least in every domain)
After 2002: non-linear relaxed planning heuristics, posterior plan scheduling with
time-windows, external (symbolic) search
State Trajectory Constraints
16
Architecture of MIPS
4 parts: pre-compilation, heuristics, search algorithms, and post-compilation
domain.pddl
problem.pddl
Precompiler
static analyzer
ground
symmetry
cluster
intermediate representation
Heuristics
explicit PDBs
symbolic PDBs
numerical
RPH
Search Algorithms
relaxed plan
symbolic search
explicit search
RPH
BDDA*, BDD-BFS
A*, IDA*, EHC
sequential plan
scheduling
RPH
relaxed
temporal plan
Scheduler
temporal plan
State Trajectory Constraints
Critical Path
PERT
17
7
Model Checking via Planning
1. Bounded Model Checking: applies the same techniques to Model Checking
that are used in the Planning as Satisfiability approach
2. Directed Model Checking: mimics the success of heuristic search in action
planning, e.g. in the domain of hardware validation
Here: Direct Conversion of Model Checking Problems in PDDL (IPC4 Benchmark)
Compiler : Automatically generating a PDDL model from Promela syntax
Restrictions: Safety Properties, especially Deadlocks
fixed number of processes: dynamic creation of processes in PDDL would require a
language extension for dynamic object creation
Model Checking via Planning
18
Example
Automata representation for the model of the 10 Dining Philosophers problem:
(Intermediate file produced by SPIN):
proctype philosopher
state 1 -(tr 3)-> state
state 6 -(tr 4)-> state
state 3 -(tr 5)-> state
state 4 -(tr 3)-> state
state 5 -(tr 6)-> state
6
3
4
5
6
line
line
line
line
line
11
12
14
16
16
=>
=>
=>
=>
=>
forks[ pid]!fork
forks[ pid]?fork
forks[(( pid+1)%10)]?fork
forks[ pid]!fork
forks[(( pid+1)%10)]!fork
Process P : finite graph (S(P ), trans, init(P ), curr(P ), δ(P ))
Channel Q: finite graph (S(Q), head(Q), tail(Q), δ(Q), mess(Q),cont(Q))
Shared and local variables are modeled by PDDL fluents
Model Checking via Planning
19
Domain Encoding
Operators: queue-read, queue-write, advance-queue-head,
advance-empty-queue-tail, advance-non-empty-queue-tail,
process-trans
• activate-trans: activates a transition in a process of a given type if in the
current state we have an option to perform the local transition
• queue-read and queue-write actions, initialize reading/writing of a
message.
• advance-queue-head, advance-empty-queue-tail,
advance-non-empty-queue-tail: queue update operators, set settled
flag, which is a precondition of every queue access action
• process-trans: executes local transition resets the flags.
Model Checking via Planning
20
Blocking and Deadlocks
Blocked Transitions:
1. read message does not match the requested message
2. queue capacity is either too small or too large
All active transitions in a process block ⇒ process itself will block
All processes are blocked ⇒ deadlock in the system
Planning Goal: conjunction of atoms requiring that all processes are blocked
Elegant Model: Blocking implemented as a set of derived predicates (PDDL2.2)
Model Checking via Planning
21
8
Planning for Petri Nets
Place-Transition Net: 4-tuple (P, T, I −, I +), where
• P = {p1, . . . , pn} is the set of places,
• P = {t1, . . . , tm} is the set of transitions with 1 ≤ n, m < ∞ and P ∩ T = ∅.
Backward and forward incidence mappings I −, I +: map elements of P × T to IN
Marking: maps elements of P to IN , where M (p) denotes the # tokens in p
Representation: M is provided in vector denotation
Errors: Deadlocks, failed invariances, . . .
Planning for Petri Nets
22
Place-Transition PN for Dining Philosophers
·
J U+ 3
·
I T
++33
3
+
+ 33
++ 33 ++ 33 ++ 33
+ 33
+ 3
++ 333
+
33
+++
+++
++ ++
++
++
+
Planning for Petri Nets
J U+ 3
·
·
·
·
p
J U++33
J U++33
T
ppp{{=
++33
p
3
3
p
+
+
{
p
3
3
{
p
++ 33
+
+
+ 33
pp+ 3 {{
++ 333
++ 33
ppp +{+ {3{33
p
p
++ 33
++ 3p3pp
{{ + 33
{ { +++ 33
++ 33
+p+ p 33
p
{
p
++ 33 pppp ++ 33 {{{
++ 33
++ pp33p3p
++ {{{333
++ 333
p 3
{
3
33
p
+
+
++
p
{
33
33
pp ++
3 {{ ++
+
{
wppp
++
++
++
{{
{
++ {{
++
++
++{{{ ++ ++ {+
+
++
{
{ +
++
++
{{ ++
{
+
{
+
+
++
{
++
++
{{
+
{
{
23
Petri Net Search
Markings correspond to states in a state space.
Petri nets are often supplied with an initial marking M0.
Transition t is enabled, if all its input places contain at least one token, i.e.,
M (p) ≥ I −(p, t) for all p ∈ P .
If a transition is fired, it deletes one token on each of its input places and generates
one on each of its outputs places.
Transition t enabled at marking m may fire and generates a new marking
M 0(p) = M (p) − I −(p, t) + I +(p, t) for all p ∈ P , written as M → M 0.
Planning for Petri Nets
24
Reachability Analysis
Recall: # tokens for a node in a place transition net is not bounded a priori
⇒ # possible states is infinite
Main idea: include partial markings, that introduce don’t care symbol ω into the
state vector, denoting a marking of an unbounded place
Algorithm starts with a reachability set R consisting of marking M0 and generates a
coverability tree
- Nondeterministically a partial marking M in R at a leaf is chosen
- ∀ enabled transitions t: generate a new partial marking M 0 by firing t
- if ∃ marking M 00 on the path from M0 to M 0 with M 00 ≤ M 0 and M (p) < M 0(p),
set M 0(p) to ω
Planning for Petri Nets
25
Numerical Encoding
Object types: place and transition.
Predicates (incoming ?s - place ?t - transition) and (outgoing ?s
- place ?t - transition), representing the two sets I − and I +.
Marking mapping: fluent (number-of-token ?p - place ?t - trans)
(:action fire-transition
:parameters (?t - transition)
:preconditions
(forall (?p - place)
(or (not (incoming ?p ?t)) (> (number-of-token ?p) 0)))
:effects
(forall (?p - place)
(when (incoming ?p ?t) (decrease (number-of-token ?p))))
(forall (?p - place)
(when (outgoing ?t ?p) (increase (number-of-token ?p)))))
Planning for Petri Nets
26
Initial State and Deadlock
Initial state: encodes net topology and initial markings using predicates incoming
and outgoing and a numerical predicate (fluent) (number-of-tokens) to
specify M0
Condition that a transition is blocked modeled with a derived predicate
(:derived block (?t - transition)
(exists (?p - place)
(and (incoming ?p ?t) (= (number-of-token ?p) 0))))
Consequently, a deadlock to be specified as the goal condition:
(:derived deadlock (forall (?t - transition) (blocked ?t)))
PDDL encoding: 1-to-1 correspondence to original place-transition net
Planning for Petri Nets
27
Propositional Encoding of Petri Net Transition
(:action fire-transition
:parameters (?t - transition)
:precondition
(forall (?p - place)
(or (not (incoming ?p ?t))
(exists (?n - number)
(and (number-of-tokens ?p ?n) (is-not-zero ?n)))))
:effect
(and
(forall (?p - place ?n1 ?n2 - number)
(when
(and (incoming ?p ?t) (inc ?n1 ?n2)
(number-of-tokens ?p ?n2))
(and (not (number-of-tokens ?p ?n2))
(number-of-tokens ?p ?n1))))
(forall (?p - place ?n1 ?n2 - number)
(when
(and (outgoing ?t ?p) (inc ?n1 ?n2)
(number-of-tokens ?p ?n1))
(and (not (number-of-tokens ?p ?n1))
(number-of-tokens ?p ?n2)))))))
Planning for Petri Nets
28
References
[1] F. Bacchus and F. Kabanza. Using temporal logics to express search control knowledge for
planning. Artificial Intelligence, 116:123–191, 2000.
[2] P. Bertoli, A. Cimatti, and M. Roveri. Heuristic search symbolic model checking = efficient
conformant planning. In International Joint Conference on Artificial Intelligence (IJCAI), pages
467–472, 2001.
[3] P. Bertoli, A. Cimatti, M. Roveri, and P. Traverso. Planning in nondeterministic domains under
partial observability via symbolic model checking. In International Joint Conference on Artificial
Intelligence (IJCAI), 2001.
[4] A. Biere, A. Cimatti, E. Clarke, and Y. Zhu. Symbolic model checking without BDDs. In Tools
and Algorithms for the Construction and Analysis of Systems, Lecture Notes in Computer
Science. Springer, 1999.
[5] R. Bloem, K. Ravi, and F. Somenzi. Symbolic guided search for CTL model checking. In
Conference on Design Automation (DAC), pages 29–34, 2000.
[6] T. Bylander. The computational complexity of propositional STRIPS planning. Artificial
Intelligence, pages 165–204, 1994.
Planning for Petri Nets
29
[7] A. Cimatti, M. Roveri, and P. Traverso. Automatic OBDD-based generation of universal plans in
non-deterministic domains. In National Conference on Artificial Intelligence (AAAI), pages
875–881, 1998.
[8] H. Dierks, G. Behrmann, and K. Larsen. Solving planning problems using real-time model
checking. In Artificial Intelligence Planning and Scheduling (AIPS)–Workshop on Model
Checking, pages 30–39, 2002.
[9] S. Edelkamp. Promela planning. In Workshop on Model Checking Software (SPIN), Lecture
Notes in Computer Science, pages 197–212. Springer, 2003.
[10] S. Edelkamp. Taming numbers and durations in the model checking integrated planning
system. Journal of Artificial Research (JAIR), 20:195–238, 2003.
[11] S. Edelkamp. Generalizing the relaxed planning heuristic to non-linear tasks. In German
Conference on Artificial Intelligence (KI), 2004. 198–212.
[12] M. Fox and D. Long. PDDL2.1: An extension to PDDL for expressing temporal planning
domains. Journal of Artificial Research (JAIR), 20:61–124, 2003.
[13] A. Gerevini and D. Long. Plan constraints and preferences in pddl. A Proposal for the
Language of the Fifth International Planning Competition, 2005.
[14] F. Giunchiglia and P. Traverso. Planning as model checking. In European Conference on
Planning (ECP), pages 1–19, 1999.
[15] J. Hoffmann. The Metric FF planning system: Translating “Ignoring the delete list” to numerical
state variables. Journal of Artificial Intelligence Research, 20:291–341, 2003.
[16] J. Hoffmann and B. Nebel. Fast plan generation through heuristic search. Journal of Artificial
Intelligence Research, 14:253–302, 2001.
[17] F. Kabanza and S. Thiebaux. Search control in planing for termporally extended goals. In
International Conference on Automated Planning and Scheduling (ICAPS), pages 130–139,
2005.
[18] H. Kautz and B. Selman. Pushing the envelope: Planning propositional logic, and stochastic
search. In National Conference on Artificial Intelligence (AAAI), pages 1194–1201, 1996.
[19] U. D. Lago, M. Pistore, and P. Traverso. Planning with a language for extended goals. In
National Conference on Artificial Intelligence (AAAI), pages 447–454, 2002.
[20] M. Pistore and P. Traverso. Planning as model checking for extended goals in non-deterministic
domains. In International Joint Conference on Artificial Intelligence (IJCAI), pages 479–486,
2001.
Related documents
The Role of Security in an Introductory Course
The Role of Security in an Introductory Course
personal finance syllabus - Anderson School District One
personal finance syllabus - Anderson School District One
Type Checking
Type Checking
Representing AI problems expressed in PDDL to Unified
Representing AI problems expressed in PDDL to Unified
digital_logic
digital_logic
evolution
evolution
Selecting Desirable Traits
Selecting Desirable Traits
7.2 Natural Selection
7.2 Natural Selection
COGS 515 Artificial Intelligence for Cognitive Science Spring 2015
COGS 515 Artificial Intelligence for Cognitive Science Spring 2015
Strategic Research Center for Artificial Intelligence Policy
Strategic Research Center for Artificial Intelligence Policy
Applied Informatics
Applied Informatics
II. z-scores being Normal or Unusual
II. z-scores being Normal or Unusual