Probabilistic Plan Verification through Acceptance Sampling

Post on 11-Oct-2020



Håkan L. S. Younes (Carnegie Mellon University) and David J. Musliner (Honeywell Laboratories)


Introduction

- Probabilistic extension to CIRCA
- Efficient plan verification algorithm
  - Monte Carlo simulation
  - Acceptance sampling
- Guaranteed error bounds

Planning via Model Checking

Figure: a loop between a planner and a model checker. The planner proposes a candidate plan, the model checker returns a verification result; the inputs to the loop are the objectives, the environment and the safety constraints.

World Model

States:
- normal path, no threat
- normal path, radar threat
- evasive path, radar threat
- evasive path, no threat
- FAILURE

World Model

States + events = environment. Events and their delay distributions:
- radar threat: Exp(150)
- hit: Exp(50) + 120
- safe: U(50,100)

World Model

A plan maps states to actions. Actions added by the plan and their delay distributions:
- begin evasive: U(25,50)
- end evasive: U(25,50)

Sample Execution Paths

Path 1 (event and the time it takes, in order):
normal path/no threat --radar threat (41.9)--> normal path/radar threat --begin evasive (45.8)--> evasive path/radar threat --safe (93.5)--> evasive path/no threat --end evasive (43.4)--> normal path/no threat --…

Path 2:
normal path/no threat --radar threat (44.1)--> normal path/radar threat --begin evasive (48.7)--> evasive path/radar threat --hit (92.2)--> FAILURE

Plan Safety

Two parameters:
- Failure probability threshold: θ
- Maximum execution time: tmax

A plan is safe if the probability of reaching a failure state within tmax time units is at most θ.

Safety Over Sample Execution Paths

Given tmax = 200, path 1: 41.9 + 45.8 + 93.5 + 43.4 + … > 200, so no failure state is reached within tmax. Safe!

Safety Over Sample Execution Paths

Given tmax = 200, path 2: 44.1 + 48.7 + 92.2 ≤ 200, so FAILURE is reached within tmax. Not safe! (safe if tmax < 185)

Verifying Plan Safety

Symbolic methods:
- Pro: Exact solution
- Con: Works only for a restricted class of models

Sampling:
- Pro: Works for any model that can be simulated
- Con: Uncertainty in the correctness of the solution

Our Approach

- Use simulation to generate sample execution paths
- Use sequential acceptance sampling to verify plan safety

Error Bounds

- Probability of a false negative (we say that a plan is not safe when it is): ≤ α
- Probability of a false positive (we say that a plan is safe when it is not): ≤ β

Acceptance Sampling

Test the hypothesis Pr≤θ(X): the probability of X is at most θ. In our case, θ is the failure probability threshold and X is the proposition that a failure state is reached within the time limit.

Sequential Acceptance Sampling

Test the hypothesis Pr≤θ(X); after each sample the test decides: true, false, or another sample?

Performance of Test

Figure: probability of accepting Pr≤θ(X) as true (y axis, with 1 – α and β marked) against the actual failure probability of the plan (x axis, with θ marked).

Ideal Performance

Figure: the ideal acceptance curve on the same axes (probability of accepting Pr≤θ(X) as true against the actual failure probability of the plan, with θ, 1 – α and β marked). The false positive region (accepting although the failure probability exceeds θ) and the false negative region (rejecting although it is at most θ) are marked.

Actual Performance

Figure: the actual acceptance curve on the same axes, with an indifference region between θ – δ and θ + δ. The false negative region lies below θ – δ and the false positive region above θ + δ; the bounds 1 – α and β apply outside the indifference region.

Graphical Representation of Sequential Test

Figure: number of negative samples (y axis) against number of samples (x axis).

Graphical Representation of Sequential Test

We can find an acceptance line and a rejection line given θ, δ, α, and β. The two lines split the plane into three regions: accept, reject, and continue sampling (between the lines).

Graphical Representation of Sequential Test

Figure: a sample trajectory that crosses the acceptance line: accept hypothesis.

Graphical Representation of Sequential Test

Figure: a sample trajectory that crosses the rejection line: reject hypothesis.

Example

Verify plan with θ=0.05, δ=0.01, α=β=0.05, tmax=200

Figure: the world model with the plan's actions: states normal path/no threat, normal path/radar threat, evasive path/radar threat, evasive path/no threat and FAILURE; events radar threat Exp(150), hit Exp(50) + 120, safe U(50,100); actions begin evasive U(25,50), end evasive U(25,50).

Example

Verify plan with θ=0.05, δ=0.01, α=β=0.05, tmax=200

Figure: simulator output plotted as number of negative samples (y axis, 2 to 18) against number of samples (x axis, 50 to 200).
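The simulate-then-test loop of the slides, worked end to end as an added example (my code, not the authors' or CIRCA's implementation): a small discrete-event simulator for the radar-threat world model that returns sample execution paths and checks each against tmax, and a sequential acceptance sampling test implemented as Wald's SPRT, whose acceptance and rejection lines are the ones drawn in the graphical slides. Assumptions the slides do not state: Exp(m) is read as an exponential with mean m; the hit clock started by the radar threat keeps running when the plan switches to the evasive path (GSMP clock semantics, consistent with the second sample path, where the hit fires 48.7 + 92.2 time units after the threat appears); the indifference region is handled as the simple hypotheses p = θ − δ versus p = θ + δ with Wald's bounds (1 − β)/α and β/(1 − α); and `ScriptedRNG` is a constructed helper that replays the slides' sample paths so the checks are deterministic.

```python
import math
import random

# Constructed GSMP-style model of the radar-threat example on the slides.
# States are (path, threat) pairs; FAILURE is absorbing. Exp(m) is read as an
# exponential with mean m (assumption), so expovariate gets rate 1/m.
INIT = ("normal", "none")
FAILURE = ("failure", None)

# event name -> (enabled in state?, delay sampler, successor state)
EVENTS = {
    "radar threat":  (lambda s: s == ("normal", "none"),
                      lambda r: r.expovariate(1 / 150),
                      lambda s: (s[0], "radar")),
    "hit":           (lambda s: s[1] == "radar",           # either path
                      lambda r: 120 + r.expovariate(1 / 50),
                      lambda s: FAILURE),
    "safe":          (lambda s: s == ("evasive", "radar"),
                      lambda r: r.uniform(50, 100),
                      lambda s: ("evasive", "none")),
    # the two actions the plan adds
    "begin evasive": (lambda s: s == ("normal", "radar"),
                      lambda r: r.uniform(25, 50),
                      lambda s: ("evasive", "radar")),
    "end evasive":   (lambda s: s == ("evasive", "none"),
                      lambda r: r.uniform(25, 50),
                      lambda s: ("normal", "none")),
}

def sample_path(rng, t_max):
    """One simulated execution path: (failure reached within t_max, trace).
    Events that stay enabled across a transition keep their clocks (GSMP
    semantics), so the hit clock keeps running after 'begin evasive'."""
    state, clock, clocks, trace = INIT, 0.0, {}, []
    while state != FAILURE:
        for name, (enabled, delay, _) in EVENTS.items():
            if enabled(state) and name not in clocks:
                clocks[name] = delay(rng)          # newly enabled: draw a delay
        name = min(clocks, key=clocks.get)         # next event to fire
        dt = clocks.pop(name)
        if clock + dt > t_max:                     # nothing more happens in time
            break
        clock += dt
        for other in clocks:
            clocks[other] -= dt
        state = EVENTS[name][2](state)
        trace.append((name, round(dt, 1), state))
        clocks = {n: c for n, c in clocks.items() if EVENTS[n][0](state)}
    return state == FAILURE, trace

class ScriptedRNG:
    """Replays fixed draws (constructed, to reproduce the slides' paths)."""
    def __init__(self, draws):
        self.draws = list(draws)
    def expovariate(self, lambd):
        return self.draws.pop(0)
    def uniform(self, a, b):
        return self.draws.pop(0)

def decision_lines(n, theta, delta, alpha, beta):
    """Failed-sample counts at which Wald's SPRT (p = theta-delta against
    p = theta+delta) accepts and rejects after n samples: the two lines."""
    p0, p1 = theta - delta, theta + delta
    per_sample = math.log((1 - p1) / (1 - p0))     # added by every sample
    per_failure = math.log(p1 / p0) - per_sample   # extra for a failed sample
    log_a = math.log((1 - beta) / alpha)           # reject boundary
    log_b = math.log(beta / (1 - alpha))           # accept boundary
    return ((log_b - n * per_sample) / per_failure,
            (log_a - n * per_sample) / per_failure)

def sprt_safe(sample_failure, theta, delta, alpha, beta, max_samples=10**6):
    """Sequential acceptance sampling for Pr<=theta(X): (safe?, samples used)."""
    p0, p1 = theta - delta, theta + delta
    log_a, log_b = math.log((1 - beta) / alpha), math.log(beta / (1 - alpha))
    log_lr, n = 0.0, 0
    while n < max_samples:
        n += 1
        log_lr += (math.log(p1 / p0) if sample_failure()
                   else math.log((1 - p1) / (1 - p0)))
        if log_lr >= log_a:
            return False, n                        # reject: plan not safe
        if log_lr <= log_b:
            return True, n                         # accept: plan safe
    raise RuntimeError("no decision within max_samples")

if __name__ == "__main__":
    theta, delta, alpha, beta, t_max = 0.05, 0.01, 0.05, 0.05, 200
    # replay the slides' second path: radar threat 44.1, hit 120 + 20.9 after
    # the threat, begin evasive 48.7, safe would have taken 95.0
    print(sample_path(ScriptedRNG([44.1, 20.9, 48.7, 95.0]), t_max))
    rng = random.Random(2020)
    safe, n = sprt_safe(lambda: sample_path(rng, t_max)[0],
                        theta, delta, alpha, beta)
    print("safe" if safe else "not safe", "after", n, "samples")
```

With the slides' parameters, `sprt_safe` decides "safe" after 140 samples for a plan that never fails and "not safe" after 8 samples for one that always fails; the closer the true failure probability is to θ, the more samples the test needs, which is the quantity the performance slide plots. `decision_lines` gives, for each sample count, the failed-sample counts on the acceptance and rejection lines, so a trajectory of (samples, failed samples) can be plotted against them as in the graphical slides.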

Performance

Figure: average number of samples (y axis, 0 to 1000) against the failure probability of the plan (x axis, 0 to 0.1, with θ marked), for four settings: δ = 0.01, α = β = 0.05; δ = 0.01, α = β = 0.10; δ = 0.02, α = β = 0.05; δ = 0.02, α = β = 0.10.

Summary

- Probabilistic extension to CIRCA: allows for plans with non-zero failure probability
- Efficient plan verification algorithm based on acceptance sampling
  - Guaranteed error bounds
  - Easy to trade efficiency for accuracy

Future Work

- Sensitivity analysis
- Using the verification result to guide plan generation
- “Generalized semi-Markov Decision Processes”