probabilistic plan verification through acceptance sampling · efficient plan verification...
TRANSCRIPT
Honeywell LaboratoriesCarnegie Mellon UniversityDavid J. MuslinerHåkan L. S. Younes
Probabilistic Plan Verification through Acceptance Sampling
Introduction
Probabilistic extension to CIRCA Efficient plan verification algorithm
Monte Carlo simulation Acceptance sampling
Guaranteed error bounds
Planning via Model Checking
Planner Model checker
candidate plan
verification result
objectives,environment safety constraints
World Model
States…
normal pathno threat
normal pathradar threat
evasive pathradar threat
evasive pathno threat
FAILURE
World Model
States + events = environment
normal pathno threat
radar threatExp(150)
hitExp(50) + 120
safeU(50,100)
normal pathradar threat
evasive pathradar threat
evasive pathno threat
FAILURE
World Model
A plan maps states to actions
normal pathno threat
radar threatExp(150)
hitExp(50) + 120
safeU(50,100)
end evasiveU(25,50)
begin evasiveU(25,50)
normal pathradar threat
evasive pathradar threat
evasive pathno threat
FAILURE
Sample Execution Paths
normal pathno threat
normal pathradar threat
evasive pathradar threat
evasive pathno threat
normal pathno threat
radar threat begin evasive safe end evasive
41.9 45.8 93.5 43.4 …
normal pathno threat
normal pathradar threat
evasive pathradar threat FAILURE
begin evasive hitradar threat
44.1 48.7 92.2
Plan Safety
Two parameters Failure probability threshold: θ Maximum execution time: tmax
A plan is safe if the probability of reaching a failure state within tmax time units is at most θ
Safety Over Sample Execution Paths
Given tmax = 200:
normal pathno threat
normal pathradar threat
evasive pathradar threat
evasive pathno threat
normal pathno threat
radar threat begin evasive safe end evasive
41.9 45.8 93.5 43.4 …+ + + > 200
Safe!
Safety Over Sample Execution Paths
Given tmax = 200:
normal pathno threat
normal pathradar threat
evasive pathradar threat FAILURE
begin evasive hitradar threat
44.1 48.7 92.2+ + ≤ 200
Not safe!(safe if tmax < 185)
Verifying Plan Safety
Symbolic Methods Pro: Exact solution Con: Works only for restricted class of
models Sampling
Pro: Works for any model that can be simulated
Con: Uncertainty in correctness of solution
Our Approach
Use simulation to generate sample execution paths
Use sequential acceptance sampling to verify plan safety
Error Bounds
Probability of false negative: ≤α We say that a plan is not safe when it is
Probability of false positive: ≤β We say that a plan is safe when it is not
Acceptance Sampling
Test hypothesis Pr≤θ(X) In our case
θ is the failure probability threshold X is the proposition that a failure state is
reached within the time limit
Sequential Acceptance Sampling
Test hypothesis Pr≤θ(X)True, false,or anothersample?
Performance of Test
Actual failure probability of plan
Prob
abili
ty o
f ac
cept
ing
Pr≤
θ (X
) as
tru
e
θ
1 – α
β
Ideal Performance
False positives
Actual failure probability of plan
Prob
abili
ty o
f ac
cept
ing
Pr≤
θ (X
) as
tru
e
θ
1 – α
β
False negatives
Actual Performance
θ – δ θ + δActual failure probability of plan
Prob
abili
ty o
f ac
cept
ing
Pr≤
θ (X
) as
tru
e
θ
1 – α
βFalse positives
False negatives
Indifference region
Graphical Representation of Sequential Test
Number of samples
Num
ber
ofne
gativ
e sa
mpl
es
Graphical Representation of Sequential Test
We can find an acceptance line and a rejection line given θ, δ, α, and β
Accept
Reject
Continue sampling
Number of samples
Num
ber
ofne
gativ
e sa
mpl
es
Graphical Representation of Sequential Test
Accept hypothesis
Accept
Reject
Continue sampling
Number of samples
Num
ber
ofne
gativ
e sa
mpl
es
Graphical Representation of Sequential Test
Reject hypothesis
Accept
Reject
Continue sampling
Number of samples
Num
ber
ofne
gativ
e sa
mpl
es
Example
Verify plan with θ=0.05, δ=0.01, α=β=0.05, tmax=200
normal pathno threat
radar threatExp(150)
hitExp(50) + 120
safeU(50,100)
end evasiveU(25,50)
begin evasiveU(25,50)
normal pathradar threat
evasive pathradar threat
evasive pathno threat
FAILURE
Example
Verify plan with θ=0.05, δ=0.01, α=β=0.05, tmax=200
Simulator
150100 200
2
6
Number of samples
8
Neg
ativ
e sa
mpl
es
50
4
10
12
14
16
18
Performance
Failure probability
Aver
age
num
ber
of s
ampl
es
δ = 0.01, α = β = 0.05δ = 0.01, α = β = 0.10δ = 0.02, α = β = 0.05δ = 0.02, α = β = 0.10
0
200
400
600
800
1000
0 0.02 0.04 0.06 0.08 0.1θ
Summary
Probabilistic extension to CIRCA Allows for plans with non-zero failure
probability Efficient plan verification algorithm
based on acceptance sampling Guaranteed error bounds Easy to trade efficiency for accuracy
Future Work
Sensitivity analysis Using verification result to guide plan
generation “Generalized semi-Markov Decision
Processes”