Probabilistic Plan Verification through Acceptance Sampling

1
Probabilistic Plan Verification through
Acceptance Sampling
Håkan L. S. Younes David J. Musliner
Carnegie Mellon University Honeywell Laboratories
2
Introduction

• Probabilistic extension to CIRCA
• Efficient plan verification algorithm
• Monte Carlo simulation
• Acceptance sampling
• Guaranteed error bounds

3
Planning via Model Checking
objectives, environment
safety constraints
candidate plan
Planner
Model checker
verification result
4
World Model

• States

evasive pathno threat
normal pathno threat
evasive pathradar threat
FAILURE
normal pathradar threat
5
World Model

• States events environment

evasive pathno threat
safeU(50,100)
normal pathno threat
evasive pathradar threat
FAILURE
hitExp(50) 120
radar threatExp(150)
normal pathradar threat
6
World Model

• A plan maps states to actions

evasive pathno threat
end evasive U(25,50)
safeU(50,100)
normal pathno threat
evasive pathradar threat
FAILURE
hitExp(50) 120
begin evasive U(25,50)
radar threatExp(150)
normal pathradar threat
7
Sample Execution Paths
8
Plan Safety

• Two parameters
• Failure probability threshold ?
• Maximum execution time tmax
• A plan is safe if the probability of reaching a
  failure state within tmax time units is at most ?

9
Safety Over Sample Execution Paths

• Given tmax 200

radar threat
begin evasive
safe
end evasive
normal pathno threat
normal pathradar threat
evasive pathradar threat
evasive pathno threat
normal pathno threat
41.9
45.8
93.5
43.4

10
Safety Over Sample Execution Paths

• Given tmax 200

begin evasive
hit
radar threat
normal pathno threat
normal pathradar threat
evasive pathradar threat
FAILURE
44.1
48.7
92.2
11
Verifying Plan Safety

• Symbolic Methods
• Pro Exact solution
• Con Works only for restricted class of models
• Sampling
• Pro Works for any model that can be simulated
• Con Uncertainty in correctness of solution

12
Our Approach

• Use simulation to generate sample execution paths
• Use sequential acceptance sampling to verify plan
  safety

13
Error Bounds

• Probability of false negative ?
• We say that a plan is not safe when it is
• Probability of false positive ?
• We say that a plan is safe when it is not

14
Acceptance Sampling

• Test hypothesis Pr?(X)
• In our case
• ? is the failure probability threshold
• X is the proposition that a failure state is
  reached within the time limit

15
Sequential Acceptance Sampling

• Test hypothesis Pr?(X)

16
Performance of Test
17
Ideal Performance
False negatives
False positives
18
Actual Performance
False negatives
Indifference region
False positives
19
Graphical Representation of Sequential Test
20
Graphical Representation of Sequential Test

• We can find an acceptance line and a rejection
  line given ?, ?, ?, and ?

21
Graphical Representation of Sequential Test

• Accept hypothesis

22
Graphical Representation of Sequential Test

• Reject hypothesis

23
Example

• Verify plan with ?0.05, ?0.01, ??0.05,
  tmax200

evasive pathno threat
end evasive U(25,50)
safeU(50,100)
normal pathno threat
evasive pathradar threat
FAILURE
hitExp(50) 120
begin evasive U(25,50)
radar threatExp(150)
normal pathradar threat
24
Example

• Verify plan with ?0.05, ?0.01, ??0.05,
  tmax200

18
16
14
12
10
Negative samples
8
6
Simulator
4
2
150
100
200
50
Number of samples
25
Performance
? 0.01, ? ? 0.05 ? 0.01, ? ? 0.10 ?
0.02, ? ? 0.05 ? 0.02, ? ? 0.10
Average number of samples
?
Failure probability
26
Summary

• Probabilistic extension to CIRCA
• Allows for plans with non-zero failure
  probability
• Efficient plan verification algorithm based on
  acceptance sampling
• Guaranteed error bounds
• Easy to trade efficiency for accuracy

27
Future Work

• Sensitivity analysis
• Using verification result to guide plan
  generation
• Generalized semi-Markov Decision Processes