a verified compositional algorithm for ai planning · ivariable symmetry: a problem automorphism ia...

A Verified Compositional Algorithm for AI Planning

Mohammad Abdulaziz1, Charles Gretton2, Michael Norrish3

1Technical University of Munich2Australian National University3Data61

Abdulaziz, Gretton, and Norrish A Verified Compositional Algorithm for AI Planning 1 / 15

OutlineI Background: what is planning?I Propositionally factored representationsI Compositional planning algorithmsI A (verified) symmetry based compositional algorithm


AI PlanningI Input: a model of the world in terms of actions, initial state,

and a goal


AI PlanningI Lorries: L1 L2, Parcels: P1 P2 P3, Cities: C1 C2I Initial state: L1@C1, L2@C2, P1@C1, P2@C1, P3@C1I Driving Actions: L1 drives from C1 to C2, L1 drives from C2

to C1,. . .I Loading Actions: L1 loads P1@C1, L1 loads P1@C2,. . .I Unloading: L1 unloads P1@C1, L1 unloads P1@C2,. . .I Goal: P1@C2 and P2@C2


AI PlanningI Input: a model of the world in terms of actions, initial state,

and a goalI Output: a sequence of actions that, if executed at the initial

state, reach the goal


AI PlanningI L2 drives from C2 to C1I L1 loads P1@C1I L1 drives from C1 to C2I L1 unloads P1@C2I L2 loads P2@C1I L2 drives from C1 to C2I L2 unloads P2@C2I L1 drives from C2 to C1I L1 loads P3@C1I L1 drives from C1 to C2I L1 unloads P3@C2


Propositionally Factored RepresentationsI A planning problem is a reachability problem in a state

space, i.e. digraphI STRIPS [Fikes and Nilsson 1971], SMV [McMillan 1993]



space, i.e. digraphI State variablesI e.g. L1@C1



space, i.e. digraphI Actions representing the dynamicsI e.g.

Load(P1,L1,C1) ≡ ({P1@C1,L1@C1},{¬P1@C1,P1@L1})I Executing an action at a state results in a new stateI ex(x , (p,e)) = if p ⊆ x then e ] x else x



space, i.e. digraphI Initial state: an assignment of all variablesI e.g. {P1@C1,¬P1@C2,P2@C1,¬P2@C2,L1@C1. . . }

I Goal: an assignment of a subset of the variablesI e.g. {P1@C2,P2@C2}



space, i.e. digraphI Factored representations are more natural and succinct

Π.I ≡ {v1, v2, v3, v4, v5},Π.δ ≡ {(∅, {v3}), ({v1, v3}, {v3, v4}), ({v2, v3}, {v3, v5})},Π.G ≡ {v4, v5}

v1v2v3v4v5 v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5




space, i.e. digraphI In HOL:I A state is of type α 7→ boolI An action is of type (α 7→ bool) × (α 7→ bool)I A planning problem is a tuple ofI I: α 7→ boolI δ: (α 7→ bool) × (α 7→ bool) → boolI G: α 7→ bool

I Action execution isstate-succ x (p,e) def

=if p v x then e ] x else x


Compositional AlgorithmsI Classical planning is PSPACE-CompleteI as are reachability problems in other succinct

representationsI In practice: incrementally compute the (exponentially) larger

explicit state space

I Compositional algorithms:I divide the planning problem into sub-problemsI solve each sub-problem separatelyI compose sub-problem solutions


This talkI Verifying a compositional algorithm based on symmetriesI we published it in 2015 in IJCAI

I Why?I safety critical applications of planningI e.g. Williams and Nayak 1997, check IWPSS 2008-now

I But. . .I planning algorithms are notation/mathematically heavyI many easy-to-miss corner casesI review process can be sloppy


Planning: SymmetriesI Variable symmetry: a problem automorphismI a permutation of variables that does not “change” the

problem



problemI E.g. {v1 7→ v2, v3 7→ v5}



v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5




problemI These automorphisms form a finite groupI Can be computed using graph automorphism toolsI E.g. NAUTY [McKay 1981]


Symmetry-based Compositional PlanningI The automorphism group induces equivalence relations, aka

orbitsI on variables, literals, actions, etc.




I E.g. partition P ≡ {p1 ≡ {v1, v2},p2 ≡ {v3},p3 ≡ {v4, v5}}



v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5





I Quotient problem: replace every proposition with its orbit




I Quotient problem: replace every proposition with its orbitI E.g. P ≡ {p1 ≡ {v1, v2},p2 ≡ {v3},p3 ≡ {v4, v5}}



v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5

v1v2v3v4v5





I Quotient problem: replace every proposition with its orbitI E.g. P ≡ {p1 ≡ {v1, v2},p2 ≡ {v3},p3 ≡ {v4, v5}}

(Π/P).I ≡ {p1,p2,p3},(Π/P).δ ≡ {(∅, {p2}), ({p1,p2}, {p2, p3})},(Π/P).G ≡ {p3}

p1p2p3 p1p2p3 p1p2p3 p1p2p3




I Quotient problem: replace every proposition with its orbitI Solving the quotient problem instead of the concrete

problem would be greatI We can, if we satisfy two conditions


Symmetry-based Compositional Planning: condition 1I This is a condition on instantiations of the quotient problemI Instantiation is an analogue of function images on setsI applies to states, actions and problems



I E.g. for t1 ≡ {p1 7→ v1,p2 7→ v3,p3 7→ v4}, tLΠ/PM is


p1p2p3 p1p2p3 p1p2p3 p1p2p3



I E.g. for t1 ≡ {p1 7→ v1,p2 7→ v3,p3 7→ v4}, tLΠ/PM is

(t1L(Π/P)M).I = {v1, v3, v4},(t1L(Π/P)M).δ = {(∅, {v3}), ({v1, v3}, {v3, v4})},(t1L(Π/P)M).G = {v4}

v1v3v4 v1v3v4 v1v3v4 v1v3v4



I There must be a set of instantiations T of the quotient Π/Pthat cover the problem Π




I for any t ∈ T, tLΠ/PM ⊆ Π

I where Π1 ⊆ Π2 iff Π1.I ⊆ Π2.I and Π1.δ ⊆ Π2.δ



I There must be a set of instantiations T of the quotient Π/Pthat cover the problem ΠI E.g.

T ≡ {t1 ≡ {p1 7→ v1,p2 7→ v3,p3 7→ v4},t2 ≡ {p1 7→ v2,p2 7→ v3,p3 7→ v5}}








(t2LΠ/PM).I = {v2, v3, v5},(t2LΠ/PM).δ = {(∅, {v3}), ({v2, v3}, {v3, v5})},(t2LΠ/PM).G = {v5}





I where Π1 ⊆ Π2 iff Π1.I ⊆ Π2.I and Π1.δ ⊆ Π2.δI for any ` ∈ Π.G, ∃ t ∈ T. ` ∈ (tLΠ/PM).G






(t2LΠ/PM).I = {v2, v3, v5},(t2LΠ/PM).δ = {(∅, {v3}), ({v2, v3}, {v3, v5})},(t2LΠ/PM).G = {v5}





I where Π1 ⊆ Π2 iff Π1.I ⊆ Π2.I and Π1.δ ⊆ Π2.δI for any ` ∈ Π.G, ∃ t ∈ T. ` ∈ (tLΠ/PM).GI for any t ∈ T, t is a transversal of PI i.e. for any p ∈ P. t(p) ∈ p





and

P ≡ {p1 ≡ {v1, v2},p2 ≡ {v3},p3 ≡ {v4, v5}}





I where Π1 ⊆ Π2 iff Π1.I ⊆ Π2.I and Π1.δ ⊆ Π2.δI for any ` ∈ Π.G, ∃ t ∈ T. ` ∈ (tLΠ/PM).GI for any t ∈ T, t is a transversal of PI i.e. for any p ∈ P. t(p) ∈ p


Symmetry-based Compositional Planning: condition 2I This is a condition involving the quotient problem


Symmetry-based Compositional Planning: condition 2I This is a condition involving the quotient problemI Needed assignments, N (Π): assignments in the goal or

action preconditions that also occur in II i.e. N (Π) = (pre(δ) ∩ I) ∪ (G ∩ I)


Symmetry-based Compositional Planning: condition 2I This is a condition involving the quotient problemI E.g. N (Π/P) = {p1,p2}





I Common variables⋂

v T: orbits mapped to the samevariable by more than one member of T


Symmetry-based Compositional Planning: condition 2I This is a condition involving the quotient problemI E.g. for

T ≡ {t1 ≡ {p1 7→ v1,p2 7→ v3,p3 7→ v4},t2 ≡ {p1 7→ v2,p2 7→ v3,p3 7→ v5}},

the common variables are {p2}






I A set of variables vs is sustainable in a problem Π iff everyv ∈ vs is assigned to the same value by Π.I and Π.G


Symmetry-based Compositional Planning: condition 2I This is a condition involving the quotient problemI E.g. p3 is not sustainable in Π/P








I (⋂

v T) ∩ D(N (Π/P)) are sustainable in Π/PI where D(x) ≡ {v | (v 7→ b) ∈ x}







I (⋂


I We guarantee that if we augment the quotient’s goal with theassignments (

⋂v T) ∩ D(N (Π))




the common variables are {p2}the variables whose assignments are needed are {p1,p2}

so we need to add p2 to the (Π/P).G





the common variables are {p2}the variables whose assignments are needed are {p1,p2}

so we need to add p2 to the (Π/P).G

Πq .I ≡ {p1,p2,p3},Πq .δ ≡ {(∅, {p2}), ({p1,p2}, {p2, p3})},Πq .G ≡ {p2,p3}







I (⋂


I We guarantee that if we augment the quotient’s goal with theassignments (

⋂v T) ∩ D(N (Π))


Symmetry-based Compositional Planning (Cont.)I Now, the algorithm is:

1. compute problem automorphisms2. compute quotient problem3. compute covering instantiations of the quotient4. augment the quotient problem’s goal



1. compute problem automorphisms2. compute quotient problem3. compute covering instantiations of the quotient4. augment the quotient problem’s goal5. solve the augmented quotient


Symmetry-based Compositional Planning (Cont.)

E.g. [({p1,p2}, {p2, p3}), (∅, {p2})]

Πq .I ≡ {p1,p2,p3},Πq .δ ≡ {(∅, {p2}), ({p1,p2}, {p2, p3})},Πq .G ≡ {p2,p3}



1. compute problem automorphisms2. compute quotient problem3. compute covering instantiations of the quotient4. augment the quotient problem’s goal5. solve the augmented quotient6. instantiate the quotient sol. with all instantiations



E.g. for [({p1,p2}, {p2, p3}), (∅, {p2})], and


the instantiated plans are[({v1, v3}, {v3, v4}), (∅, {v3})], and[({v2, v3}, {v3, v5}), (∅, {v3})]



1. compute problem automorphisms2. compute quotient problem3. compute covering instantiations of the quotient4. augment the quotient problem’s goal5. solve the augmented quotient6. instantiate the quotient sol. with all instantiations7. concatenate all instantiations of quotient sol., in any

order



E.g. [({v1, v3}, {v3, v4}), (∅, {v3})], and[({v2, v3}, {v3, v5}), (∅, {v3})]




1. compute problem automorphisms2. compute quotient problem3. compute covering instantiations of the quotient4. augment the quotient problem’s goal5. solve the augmented quotient6. instantiate the quotient sol. with all instantiations7. concatenate all instantiations of quotient sol., in any

order


Fruits of the Project: BugsI The previously shown algorithm fails ifI the quotient plan had an unactivated action due

unsatisfied preconditionsI that action could be activated when instantiations of the

quotient sol. are concatenatedI this can compromise the final state reached by the

concatenated instantiations


Fruits of the Project: BugsI Now, the algorithm is:

1. compute problem automorphisms2. compute quotient problem3. compute covering instantiations of the quotient4. augment the quotient problem’s goal5. solve the augmented quotient6. remove unexecutable actions from quotient sol.7. instantiate the quotient sol. with all instantiations8. concatenate all instantiations of quotient sol., in any

order


Fruits of the Project: BugsI The previously shown algorithm fails ifI the quotient plan had an unactivated action due

unsatisfied preconditionsI that action could be activated when instantiations of the

quotient sol. are concatenatedI this can compromise the final state reached by the

concatenated instantiationsI In the definition of the “sub-problem” relationI Π1 ⊆ Π2 iff Π1.I ⊆ Π2.I and Π1.δ ⊆ Π2.δ


Fruits of the Project: OtherI Generalised the algorithmI discovered the algorithm works if state variables are not

BooleanI i.e. a state is of type α 7→ β and not α 7→ bool



` letΠq =

Π′ with G := Π′.I�⋂v (set T) D(Π′) ∩ D(N (Π′)) ] Π′.G ;

inst_plans =

MAP (λt. rem-cless (N (tLΠqM),[],tL→π

qM))

T ;concatenated_plans = FLAT inst_plans

inALL-DISTINCT T ∧(∀t. MEM t T ⇒ valid-inst t) ∧ valid-prob Π′ ∧INJ (λt. tLΠqM) (set T)U(:(α, β) problem) ∧

pwise-valid (set T) D(Πq) ∧covers (MAP (λt. tLΠqM) T) Π ∧ Πq solved-by

→π

q⇒

Π solved-by concatenated_plans


ConclusionI We used HOL4 to analyse our own algorithm at an abstract

levelI Lead toI deeper understandingI finding bugs not found via testing nor peer reviewI generalising the algorithm


a verified compositional algorithm for ai planning · ivariable symmetry: a problem automorphism ia...

Documents