It is becoming increasingly important to verify safety and security of AI applications. While declarative languages (of the kind found in automated planners and model checkers) are traditionally used for verifying AI systems, a big challenge is to design methods that generate verified executable programs. A good example of such a “verification to implementation” cycle is given by automated planning languages like PDDL, where plans are found via a model search in a declarative language, but then interpreted or compiled into executable code in an imperative language. In this paper, we show that this method can itself be verified. We present a formal framework and a prototype Agda implementation that represent PDDL plans as executable functions that inhabit types that are given by formulae describing planning problems. By exploiting the well-known Curry-Howard correspondence, type-checking then automatically ensures that the generated program corresponds precisely to the specification of the planning problem.
KeywordsAI planning Curry-Howard correspondence Constructive logic Verification Dependent types
This research has been generously supported by EPSRC Platform Grant EP/N014758/1 “The Integration and Interaction of Multiple Mathematical Reasoning Processes”, EPSRC Doctoral Training Partnership, EPSRC grant EP/PP020631 “Discovery: Pattern Discovery and Program Shaping for Manycore Systems”, and by EU Horizon 2020 grant ICT-779882 “TeamPlay: Time, Energy and security Analysis for Multi/Many-core heterogenous PLAtforms”.
- 1.Claßen, J., Eyerich, P., Lakemeyer, G., Nebel, B.: Towards an integration of Golog and planning. In: Veloso, M.M. (ed.) IJCAI 2007, Proceedings of the 20th International Joint Conference on Artificial Intelligence, Hyderabad, India, 6–12 January 2007, pp. 1846–1851 (2007)Google Scholar
- 3.Dutertre, B., De Moura, L.: The Yices SMT solver. Technical report, August 2006. Tool paper at http://yices.csl.sri.com/tool-paper.pdf
- 5.Fourati, F., Bhiri, M.T., Robbana, R.: Verification and validation of PDDL descriptions using Event-B formal method. In: 2016 5th International Conference on Multimedia Computing and Systems (ICMCS), pp. 770–776, September 2016Google Scholar
- 8.Howey, R., Long, D., Fox, M.: VAL: automatic plan validation, continuous effects and mixed initiative planning using PDDL. In: 16th IEEE International Conference on Tools with Artificial Intelligence, pp. 294–301 (2004)Google Scholar
- 11.McDermott, D., et al.: PDDL - The Planning Domain Definition Language (Version 1. 2). Technical Report CVC TR-98-003/DCS TR-1165, Yale Center for Computational Vision and Control (1998)Google Scholar
- 12.Necula, G.C.: Proof-carrying code. In: POPL, pp. 106–119 (1997)Google Scholar
- 13.Ong, L.: Higher-order model checking: an overview. In: 30th Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2015, Kyoto, Japan, 6–10 July 2015, pp. 1–15 (2015)Google Scholar
- 14.Raimondi, F., Pecheur, C., Brat, G.: PDVer, a tool to verify PDDL planning domains. In: ICAPS 2009 Workshop on Verification and Validation of Planning and Scheduling Systems, Thessaloniki, Greece, 20 September 2009Google Scholar
- 17.Scwaab, C., Hill, A., Farka, F., Komendantskaya, E.: Proof-Carrying Plans: Agda Implementation and Examples (2018). https://github.com/PDTypes
- 18.Scwaab, C., et al.: Proof-Carrying Plans: Extended Version of This Paper with Appendices (2018). https://github.com/PDTypes/PADL19/blob/master/padl-pddl-verification.pdf
- 21.Waldinger, R.J.: Achieving several goals simultaneously. Machine Intelligence 8 (1977)Google Scholar
- 22.Zarrieß, B., Claßen, J.: Decidable verification of GOLOG programs over non-local effect actions. In: Schuurmans, D., Wellman, M.P. (eds.) Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence, Phoenix, Arizona, USA, 12–17 February 2016, pp. 1109–1115. AAAI Press (2016)Google Scholar