Automatic Synthesis of Temporal Invariants

Authors

  • Sara Bernardini
  • David E. Smith
Abstract

We present a technique for automatically extracting temporal mutual exclusion invariants from PDDL2.2 planning instances. Our technique builds on other approaches to invariant synthesis presented in the literature, but departs from their limited focus on instantaneous discrete actions by addressing temporal and numeric domains. To deal with time, we formulate invariance conditions that account for both the entire structure of the operators (including the conditions, rather than just the effects) and the possible interactions between operators.

Introduction

A number of planning domain specification languages used to describe complex real-world planning problems adopt a constraint-based representation centered on multi-valued state variables. Examples of large temporal systems based on such languages are EUROPA2 (Frank and Jónsson, 2003), ASPEN (Chien et al., 2000), IxTeT (Ghallab and Laruelle, 1994), HSTS (Muscettola, 1994), OMPS (Fratini, Pecora, and Cesta, 2008) and Plantrol (Do et al., 2011). In contrast, the majority of the benchmark domains currently used by the planning community were developed for the International Planning Competitions (IPCs) and are therefore encoded in the PDDL language, which is propositional in nature. Tools for translating propositional representations into variable/value representations would make it easier to test application-oriented planners on these benchmarks. Designing such tools is primarily a matter of generating multi-valued state variables from propositions and operators, which does not depend on the target language of the translation.

This paper presents a technique for generating temporal multi-valued state variables from a PDDL2.2 instance. More specifically, we describe a technique for identifying temporal mutual exclusion invariants, which state that certain atoms can never be true at the same time, as a preliminary step to synthesizing state variables: each identified group of mutually exclusive atoms constitutes the domain of a single state variable.

Our technique builds on the invariant synthesis of Helmert (2009), which is used to translate a subset of PDDL2.2 into FDR (Finite Domain Representation), the multi-valued planning task formalism used within the planner Fast Downward (Helmert, 2006). Helmert's invariant synthesis is limited to non-temporal and non-numeric PDDL2.2 domains (the so-called PDDL "Level 1"). In contrast, our technique addresses temporal and numeric domains (PDDL "Level 3"). Developing invariants for such tasks is more complex than handling tasks with instantaneous discrete actions, because interference between concurrent operators complicates the identification of state variables. For this reason, a simple generalization of Helmert's approach does not work in temporal settings. In extending the theory to the temporal case, we have had to formulate invariance conditions that take into account the entire structure of the operators (including the conditions, as opposed to the effects only) as well as the possible interactions between them. As a result, we have constructed a significantly more comprehensive technique that finds not only invariants for temporal domains, but also a broader set of invariants for non-temporal domains.

This paper is organized as follows. We first identify a set of initial invariant candidates by inspecting the domain. We then check these candidates against a set of properties that assure invariance. If a candidate turns out not to be an invariant, we show that in some cases it is possible to refine it so as to make it a real invariant. An experimental evaluation of our approach and a presentation of conclusions and future work close the paper.

Invariant Candidates

An invariant is a property of world states such that when it is satisfied by a state s, it is satisfied by all states reachable from s. Usually, we are interested in invariants that are satisfied in the initial state: if an invariant holds in the initial state, it holds in all reachable states. Here, we focus on mutual exclusion invariants, which state that certain atoms can never be true at the same time. For example, in the Logistics domain, a mutual exclusion invariant states that two atoms indicating the position of a truck trk0, such as at(trk0, loc0) and at(trk0, loc1), can never be true at the same time. Intuitively, this means that the truck cannot be at two different positions simultaneously.

More formally, let I = (D, P) be a PDDL instance, where D is a planning domain and P a planning problem. An invariant candidate is a tuple C = ⟨Φ, F, V⟩, where Φ is a non-empty subset of the atoms in the domain D, and F and V are two disjoint sets of variables. The atoms in Φ are called the candidate's components, while F and V are called the fixed and counted variables, respectively. Both are subsets of Var[Φ], the set of variables occurring in Φ. For example, taking the Logistics domain and the predicate at(truck, loc), the following is a candidate:

Cat = ⟨{at(truck, loc)}, {truck}, {loc}⟩,

where at(truck, loc) is the only component of this candidate, truck is the fixed variable and loc the counted variable.

An instance γ of the candidate C is a function that maps the fixed variables in F to objects of the problem P. Assuming a problem with two trucks trk1 and trk2, there are two possible instances of Cat: γtrk1 : truck → trk1 and γtrk2 : truck → trk2.

The weight of an instance γ in a state s is the number of ground instantiations of the variables in V that make some φ ∈ Φ true under γ in s.[1] Thus, considering the Logistics domain and the instance γtrk1, if we have a state s where the atom at(trk1, loc1) holds, then the weight of γtrk1 in s is one. Intuitively, the weight of γ in a state s is the number of the candidate's components that are true in s when the fixed variables have been instantiated according to γ.

Given a cardinality set S ⊆ ℕ, the semantics of a candidate C is: for every instance γ of C, if the weight of γ is within S in a state s, then it is within S in any successor state s′ of s. Thus, if we prove that the candidate C holds (i.e. C is an invariant) and is satisfied in the initial state, then at most k = max(S) atoms in Φ are true in any reachable state. Since we focus on finding mutually exclusive sets of propositions, we are interested in cases in which at most one atom in Φ is true in any reachable state. Considering the Logistics domain again, the candidate Cat means that, for each truck trk in the domain, if the number of locations loc for which at(trk, loc) is true is at most one in a state s, then it is at most one in any successor state s′ of s. If we prove that what the candidate states is true and each truck is at no more than one location in the initial state, then no truck can be at multiple locations at the same time in any reachable state. Hence, for each truck, we can create a state variable that corresponds to the predicate at and represents the position of the truck. The values of this variable represent the presence of the truck in the various locations it can occupy.

Helmert considers only the cardinality set S = {1}. We consider instead the set S = {0, 1} because, with durative actions, it is common for a proposition to be deleted at the beginning of an action (e.g. the location of an object being moved) and replaced by a new proposition at the end of the action (e.g. the new location of the object). This corresponds to a decrease in the weight of γ to zero at the beginning of the action, and an increase back to one at the end. Allowing S = {0, 1} can be useful in non-temporal domains as well, since it allows operators that bring the weight from zero to one to be classified as safe by the invariance conditions. This approach therefore finds more invariants than techniques using only S = {1}. Although we focus here on S = {0, 1}, our technique for finding invariants can be generalized to larger cardinality sets.

[1] The weight of γ is equal to the cardinality of the set of all ground atoms that unify with some φ ∈ Φ under γ in s.

Invariance Conditions

In order to show that a candidate C is an actual invariant, we need to guarantee that, for every instance γ of C, the weight of γ is within the cardinality set S = {0, 1} in the initial state and that all operators in the domain D keep the weight within this set. When an operator satisfies this condition, we say that it is safe, and so it does not threaten the candidate C. More formally, given an instance γ of a candidate C, an operator op is safe if, for any situation where (i) the weight of γ is less than or equal to one prior to executing op and (ii) it is legal to execute op, the weight of γ is guaranteed to remain less than or equal to one throughout the execution of op and immediately after op. A domain D is safe for C if and only if all operators in D are safe for every instance γ of C. A sufficient condition for C to be an actual invariant is that the domain is safe for C.

Given a candidate C and an instance γ, when can we ensure that an operator op is safe, i.e. maintains the weight of γ within the cardinality set S = {0, 1}? Clearly, if the operator does not change the weight of γ, then it is safe. On the other hand, if an operator increases the weight of γ by two or more at any time point, it is definitely not safe. If the operator increases the weight of γ by one, there might be circumstances in which it is safe, depending on the structure of the conditions and effects of the operator itself and on its interactions with other operators. Given an instance γ of a candidate C, an operator op is safe if it falls into one of the following six categories:

1. Type N, Inert. The operator op does not affect the weight of γ. Clearly, an inert operator is safe because it preserves the weight of γ. Considering a simple Logistics domain, the figure below shows an example of such an operator with respect to the candidate C = ⟨{at(truck, loc)}, {truck}, {loc}⟩.

[Figure: the operator wash-truck(?truck), whose condition is (at ?truck ?loc); it is inert with respect to C.]
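The definitions above (candidate, instance, weight, the cardinality set S = {0, 1} and the two clear-cut safety rules) as an added example in Python; this is not code from the paper or from any planner. It assumes a hypothetical Logistics encoding in which atoms are tuples and variable names start with "?", gives wash-truck an assumed effect (clean ?truck) because the page shows only its condition, constructs an operator bilocate that adds two at atoms purely to exercise the "weight rises by two" rule, and models a durative drive as a constructed two-step trace (delete at start, add at end). The classify function implements only the two rules stated on this page; its "undecided" result stands in for the condition and interaction analysis the paper develops for operators that raise the weight by one.

```python
# Added example, not the paper's code: weight of a candidate instance, a trace
# check against S = {0, 1}, and a first-cut static operator classification.
from dataclasses import dataclass
from itertools import combinations

# An atom is a tuple: predicate name, then arguments.  Arguments starting
# with '?' are variables; anything else is an object name.

@dataclass(frozen=True)
class Candidate:
    """C = <Phi, F, V>: components, fixed variables F, counted variables V."""
    components: tuple
    fixed: frozenset
    counted: frozenset

@dataclass(frozen=True)
class Operator:
    """Lifted operator schema: name, conditions, add effects, delete effects."""
    name: str
    conditions: tuple
    adds: tuple
    deletes: tuple

def unifies(component, atom, gamma):
    """Ground `atom` matches lifted `component` under instance gamma: fixed
    variables take the object gamma assigns them, counted variables match any
    object, constants must match exactly."""
    if component[0] != atom[0] or len(component) != len(atom):
        return False
    for c, a in zip(component[1:], atom[1:]):
        if c.startswith("?"):
            if c in gamma and gamma[c] != a:
                return False
        elif c != a:
            return False
    return True

def weight(cand, gamma, state):
    """Footnote 1: the number of ground atoms in `state` that unify with some
    component of `cand` under gamma."""
    return sum(1 for atom in state
               if any(unifies(phi, atom, gamma) for phi in cand.components))

def weight_stays_in(cand, gamma, trace, S=frozenset({0, 1})):
    """True if the weight of gamma lies in S in every state of `trace`."""
    return all(weight(cand, gamma, s) in S for s in trace)

def _matching(cand, effects):
    """Effects whose predicate and arity match some component of `cand`."""
    return [e for e in effects
            if any(e[0] == phi[0] and len(e) == len(phi) for phi in cand.components)]

def _fixed_args(cand, atom):
    """Arguments of `atom` sitting in the candidate's fixed-variable positions."""
    for phi in cand.components:
        if phi[0] == atom[0] and len(phi) == len(atom):
            return tuple(a for v, a in zip(phi[1:], atom[1:]) if v in cand.fixed)
    return ()

def classify(cand, op):
    """'inert': no effect touches a component (Type N, safe).  'unsafe': two add
    effects may land in the same instance gamma, so the weight can rise by two
    at once.  'undecided': the weight rises by at most one; safety then depends
    on conditions and interactions, which this first cut does not analyse."""
    adds, dels = _matching(cand, op.adds), _matching(cand, op.deletes)
    if not adds and not dels:
        return "inert"
    for a, b in combinations(adds, 2):
        # Two distinct parameters may be bound to the same object, so only
        # differing constants prove a and b belong to different instances.
        if all(x == y or x.startswith("?") or y.startswith("?")
               for x, y in zip(_fixed_args(cand, a), _fixed_args(cand, b))):
            return "unsafe"
    return "undecided"

# The candidate C_at = <{at(truck, loc)}, {truck}, {loc}> from the text.
C_AT = Candidate(components=(("at", "?truck", "?loc"),),
                 fixed=frozenset({"?truck"}), counted=frozenset({"?loc"}))

# Hypothetical operators.  wash-truck's effect (clean ?truck) is an assumption
# (the page shows only its condition); bilocate is constructed solely to
# exercise the 'unsafe' rule and is not a Logistics operator.
WASH = Operator("wash-truck", conditions=(("at", "?truck", "?loc"),),
                adds=(("clean", "?truck"),), deletes=())
DRIVE = Operator("drive-truck", conditions=(("at", "?truck", "?from"),),
                 adds=(("at", "?truck", "?to"),), deletes=(("at", "?truck", "?from"),))
BILOCATE = Operator("bilocate", conditions=(),
                    adds=(("at", "?truck", "?l1"), ("at", "?truck", "?l2")), deletes=())

def durative_drive_trace(state, truck, src, dst):
    """Constructed trace of a durative drive: the old location is deleted at
    the start of the action and the new one is added at its end."""
    at_start = frozenset(state) - {("at", truck, src)}
    at_end = at_start | {("at", truck, dst)}
    return [frozenset(state), at_start, at_end]

if __name__ == "__main__":
    g1 = {"?truck": "trk1"}
    trace = durative_drive_trace({("at", "trk1", "loc0")}, "trk1", "loc0", "loc1")
    print([weight(C_AT, g1, s) for s in trace])             # [1, 0, 1]
    print(weight_stays_in(C_AT, g1, trace),                  # True  (S = {0, 1})
          weight_stays_in(C_AT, g1, trace, frozenset({1})))  # False (S = {1})
    print({op.name: classify(C_AT, op) for op in (WASH, DRIVE, BILOCATE)})
```

Run as a script, the block shows the weight of γtrk1 dropping to zero between the start and end of the drive, which is exactly the transient that S = {0, 1} tolerates and S = {1} rejects; it classifies wash-truck as inert, drive-truck as undecided (one add, one delete, so the full condition analysis is needed) and the constructed bilocate as unsafe.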

Similar articles

Extracting Lifted Mutual Exclusion Invariants from Temporal Planning Domains

We present a technique for automatically extracting mutual exclusion invariants from temporal planning instances. It first identifies a set of invariant templates by inspecting the lifted representation of the domain and then checks these templates against properties that assure invariance. Our technique builds on other approaches to invariant synthesis presented in the literature, but departs ...

Extracting mutual exclusion invariants from lifted temporal planning domains

We present a technique for automatically extracting mutual exclusion invariants from temporal planning instances. It first identifies a set of invariant templates by inspecting the lifted representation of the domain and then checks these templates against properties that assure invariance. Our technique builds on other approaches to invariant synthesis presented in the literature but departs f...

Data-Driven Loop Invariant Inference with Automatic Feature Synthesis

We present LOOPINVGEN, a tool for generating loop invariants that can provably guarantee correctness of a program with respect to a given specification. We extend the data-driven approach to inferring sufficient loop invariants from a collection of program states. In contrast to existing data-driven techniques, LOOPINVGEN is not restricted to a fixed set of features – atomic predicates that are...

Applications of automata learning in verification and synthesis

The objective of this thesis is to explore automata learning, which is an umbrella term for techniques that derive finite automata from external information sources, in the areas of verification and synthesis. We consider four application scenarios that turn out to be particularly well-suited: Regular Model Checking, quantified invariants of linear data structures, automatic reachability games,...

Finding Mutual Exclusion Invariants in Temporal Planning Domains

We present a technique for automatically extracting temporal mutual exclusion invariants from PDDL2.2 planning instances. We first identify a set of invariant candidates by inspecting the domain and then check these candidates against properties that assure invariance. If these properties are violated, we show that it is sometimes possible to refine a candidate by adding additional propositions...

From Application Models to Filmstrip Models: An Approach to Automatic Validation of Model Dynamics

Efficient model validation and verification techniques are strong in the analysis of systems describing static structures, for example, UML class diagrams and OCL invariants. However, general UML and OCL models can involve dynamic aspects in the form of OCL pre- and postconditions for operations. This paper describes the automatic transformation of a UML and OCL model with invariants and pre- and postc...

Publication date: 2011