Artificial Intelligence 125 (2001) 19–91 Formalizing sensing actions— A transition function based approach Tran Cao Son a,∗ , Chitta Baral b a Knowledge Systems Laboratory, Computer Science Department, Stanford University, Stanford, CA 94305, USA b Department of Computer Science Engineering, Arizona State University, Tempe, AZ 85287, USA Received 21 April 1998; received in revised form 1 December 1999 Abstract In presence of incomplete information about the world we need to distinguish between the state of the world and the state of the agent’s knowledge about the world. In such a case the agent may need to have at its disposal sensing actions that change its state of knowledge about the world and may need to construct more general plans consisting of sensing actions and conditional statements to achieve its goal. In this paper we first develop a high-level action description language that allows specification of sensing actions and their effects in its domain description and allows queries with conditional plans. We give provably correct translations of domain description in our language to axioms in first-order logic, and relate our formulation to several earlier formulations in the literature. We then analyze the state space of our formulation and develop several sound approximations that have much smaller state spaces. Finally we define regression of knowledge formulas over conditional plans.  2001 Elsevier Science B.V. All rights reserved. Keywords: Sensing actions; Action description languages; Conditional plans; Regression of knowledge formulas; Incomplete information; Approximate reasoning 1. Introduction and motivation Unlike actions that change the world, sensing or knowledge producing actions change what the agent knows about the world. Consider the following example of a high security door. The action of pushing the door (push_door)—when executed in a world where the (lock of the) door is initially unlocked and not jammed—will change the world so that * Corresponding author. E-mail addresses: tson@ksl.stanford.edu (T.C. Son), chitta@asu.edu (C. Baral). 0004-3702/01/$ – see front matter  2001 Elsevier Science B.V. All rights reserved. PII: S 0 0 0 4 - 3 7 0 2 ( 0 0 ) 0 0 0 8 0 - 1 20 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 after the action is performed the door is open. The same action if executed when the door is locked will jam the door. Similarly, the action of flipping the lock (flip_lock) will unlock a locked door and lock an unlocked door. On the other hand the sensing action of checking the lock of the door (check_if _locked) will result in the agent knowing if the door is locked or not. Sensing actions play an important role when an agent needs to plan in presence of incomplete information. Consider the case when our agent initially (i.e., in the initial situation) does not know if the door is locked or not, but knows that the door is not jammed and is not open and its goal is to open the door. We will assume that the only actions it can perform are the ones described earlier: check_if _locked, flip_lock and push_door. We now argue that the agent cannot just construct a classical plan—consisting of a sequence of actions—that will always (i.e., regardless of what the real state of the world is) succeed in reaching the agent’s goal. Let us first consider the plan P1 consisting of push_door. This plan will not work if the door is initially locked. In fact it will jam the door, and no subsequent action sequence will result in the door being open. 
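To see this failure concretely, here is a minimal Python sketch of the door dynamics described above (the fluent names, the jamming rule, and the encoding of states as sets of fluents are our own assumptions drawn from the prose, not the paper's formalism):

def res(action, state):
    """World-state transition for the door example (our informal reading)."""
    s = set(state)
    if action == "push_door":
        if "locked" in s:
            s.add("jammed")          # pushing a locked door jams it
        elif "jammed" not in s:
            s.add("open")            # unlocked and not jammed: the door opens
    elif action == "flip_lock":
        s ^= {"locked"}              # toggle the lock
    return frozenset(s)

def run(plan, state):
    for a in plan:
        state = res(a, state)
    return state

locked_start = frozenset({"locked"})
print(run(["push_door"], locked_start))
# -> frozenset({'locked', 'jammed'}): P1 jams a door that starts out locked
print(run(["flip_lock", "push_door"], run(["push_door"], locked_start)))
# -> frozenset({'jammed'}): once jammed, no continuation ever opens the door

Since nothing in this domain removes jammed, no plan that begins with push_door can reach the goal from a locked initial state.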
Let us now consider the plan P2 consisting of flip_lock; push_door. This plan will not work if the door is initially unlocked. In fact it will also jam the door, and no subsequent action sequence will result in the door being open. Therefore, neither P1 , nor P2 , and nor any plan that starts with P1 and P2 will work in both cases. This, together with the fact that the action check_if _locked does not change the world and a sequence of flip_locks is equivalent to zero or a single flip_lock, is enough to conclude that there does not exist a classical plan that will work for all possible initial situations. The following simple conditional plan P3 , IF ¬door_locked THEN push_door ELSE flip_lock; push_door is not appropriate either. That is because the agent not knowing whether door_locked is true or not cannot execute this plan. A correct conditional plan, P4 , that will always achieve the goal uses the sensing action check_if _locked, and is as follows: check_if _locked; IF ¬door_locked THEN push_door ELSE flip_lock; push_door. Thus sensing actions are very important for planning in presence of incomplete information. In the past, sensing actions have been formalized in [24,38,40,41,49] and planning in presence of incomplete information has been studied in [11,15,16,18,23,28,31,44,46, 50,54]. To motivate our work we now briefly review the earlier formalizations of sensing actions. 1.1. Moore’s formalization To the best of our knowledge sensing actions were first formalized by Moore in his dissertation [40] and in some of his later papers; for example, [41]. Moore uses possible T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 21 world semantics to represent knowledge and treats the accessibility relation between worlds as a fluent when reasoning about sensing and non-sensing actions. • He describes how the knowledge of an agent may change after executing a nonsensing action a, by defining the accessibility relation between the worlds that may be reached after executing the action a. According to him, for any two possible worlds w1 and w2 such that w2 is the result of the execution of a in w1 , the worlds that are compatible with what the agent knows in w2 are exactly the worlds that are the result of executing a in some world that is compatible with what the agent knows in w1 . This can be formally written as follows: ∀w1 , w2 .(w2 = do(a, w1 ) ⊃ ∀w3 .(acc(w2 , w3 ) ≡ ∃w4 .acc(w1 , w4 ) ∧ w3 = do(a, w4 ))). (1.1) The above formula (and the next formula) is a simplified version of Moore’s original formula. Here we use the function do from situation calculus, 1 use acc(w, w′ ) to denote that w′ is accessible from (or is compatible with) w, and assume a single agent world. • He also describes how the knowledge of an agent may change after executing a sensing action sensef , by defining accessibility relation between the worlds that may be reached after executing sensef . Suppose sensef is an action that the agent can perform to know if f is true or not. Then for any world represented by w1 and w2 such that w2 is the result of sensef happening in w1 , the world that is compatible with what the agent knows in w2 are exactly those worlds that are the result of sensef happening in some world that is compatible with what the agent knows in w1 , and in which f has the same truth value as in w2 . This can be formally written as follows: ∀w1 , w2 .(w2 = do(sensef , w1 ) ⊃ ∀w3 .((acc(w2 , w3 ) ≡ ∃w4 . acc(w1 , w4 ) ∧ w3 = do(sensef , w4 ) ∧ f (w2 ) ≡ f (w3 ))). (1.2) 1.2. 
Scherl and Levesque’s formalization Scherl and Levesque [49] adapted Moore’s formulation to situation calculus and proved several important results about their formulation such as: knowledge-producing actions do not affect fluents other than the knowledge fluent; and that actions that are not knowledge-producing only affect the knowledge fluent as appropriate. They also showed how regression can be applied to knowledge-producing actions. Their slight simplification of Moore’s formulation is given by the following two formulas: (Note that in their use of the relation K, which we will follow in the rest of the 1 do(a, w) denotes the world reached after executing the action a in the world w. 22 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 paper, the arguments are reversed from their normal modal logic use. I.e., K(s′ , s) is read as “the situation s′ is accessible from the situation s”. Also, situation is a term constructed by repeated application of do to the initial situation S0 .) K(s′′ , do(a, s)) ≡ (∃s′ .K(s′ , s) ∧ s′′ = do(a, s′ )), ′′ ′ ′ (1.3) ′′ ′ ′ K(s , do(sensef , s)) ≡ (∃s .K(s , s) ∧ s = do(sensef , s ) ∧ f (s ) ≡ f (s)). (1.4) 1.3. Our simplification One of our goals in this paper is to make it easy to visualize the state space we have to deal with when searching for plans in presence of sensing actions and incomplete information. Many formulations of planning (for example, most research on decision theoretic planning) often assume the existence of a transition function defining a transition between states—a collection of fluents—due to actions, and do not necessarily depend on a logical formulation defining this function. The questions that we would like to answer are: What is a “state” when we need to distinguish between the state of the world and the state of the knowledge of an agent? How are state transitions due to actions—both sensing and non-sensing—defined? To answer the first question we introduce the notion of a c-state (or combined state) which is a pair consisting of: (i) the real state of the world, s; and (ii) the state of the agent’s knowledge about the world given by the set of states Σ, that the agent thinks it may be in. The transition between c-states due to actions—denoted by Φ(a, hs, Σi)—can then be defined in terms of the original transition between states (defined using the function Res) in the following way: • If a is a non-sensing action then for any c-state σ = hs, Σi, Φ(a, σ ) is defined as the pair hRes(a, s), {s ′ | s ′ = Res(a, s ′′ ) for some s ′′ ∈ Σ}i. • If sensef is a sensing action that senses the fluent f then for any c-state σ = hs, Σi, Φ(sensef , σ ) is defined as the pair hs, {s ′ | s ′ ∈ Σ such that f ∈ s iff f ∈ s ′ }i. Consider our example in the beginning of this section. The two possible initial c-states— with explicit representation of negative fluents—for this example are: σ1 = h{locked}, {{locked}, ∅}i and σ2 = h∅, {{locked}, ∅}i. In Fig. 1 we give a fragment of the state space diagram of this example illustrating how transitions take place between one c-state to another because of actions. For a logical formalization of the above we simplify Moore’s and Scherl and Levesque’s formulation by assuming that we only need to proceed from the K relation about the initial situation to possible future situations. The formulas (1.3) and (1.4) can then be modified as follows: K(do(a, s′ ), do(a, s)) ≡ K(s′ , s), ′ (1.5) ′ ′ K(do(sensef , s ), do(sensef , s)) ≡ (K(s , s) ∧ f (s ) ≡ f (s)). (1.6) T.C. Son, C. 
Baral / Artificial Intelligence 125 (2001) 19–91 23 Fig. 1. Transition between c-states in the door opening example. Using the above two formulas, successor state axioms about actions [47], and information about the initial situation, we can then reason about what is known to be true in a future situation. We discuss this formulation in further detail in Section 2.3. 1.4. Our goals Our first goal in this paper is to augment the high-level language A [20,21] to allow specifications and reasoning about sensing actions. We will call the new language AK . The semantics of domain descriptions in AK will be defined using the transition functions introduced in the previous subsection. The motivation behind doing this is the simplicity of high-level languages and the fact that no knowledge about particular logics is necessary to understand the concept. But we pay the price of being less general than when the formalization is done in a standard logical language (classical logic possibly augmented with circumscription, logic programming, default logic, etc.). But then later we give formalizations in logic, and prove the correctness of our logical formalization with respect 24 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 to our original formalization. Thus our initial formalization using a high-level language— which is simpler to follow—can play the role of a benchmark for formalizations in standard logical languages. Our second goal, and perhaps the most important aspect of this paper, is to develop approximations of the language AK . The motivation behind that is the possible state space n explosion in AK . In presence of n fluents, we will have 2n possible states and 22 +n possible c-states. We develop several approximations with much smaller state space (3n ) but with varying complexity in computing transitions. We then show the soundness of these approximations. Finally, we relate our formulations with earlier formulations of sensing actions—in particular with Scherl and Levesque’s [49] formulation and Lobo et al.’s [38] formulation— and show that: (i) when we translate domain descriptions in our language to Scherl and Levesque’s formulation we obtain similar conclusions, and (ii) when we make certain assumptions about our knowledge about the initial state then domain descriptions in our language have the same semantics as that of the semantics defined by Lobo et al. [38]. We also discuss some of the earlier work on planning with sensing actions [15,16,22,23], compare the formulations there with that of ours, and briefly describe earlier work on regression and adapt a simplified version of regression from [49] to define regression with respect to conditional plans. 2. The language AK In this section we introduce AK —an extension of the language A in [21]—which allows reasoning about sensing actions. (Strictly speaking, AK is a variation of A instead of an extension, as unlike in A, we do not allow observations or hypothesis about non-initial situations in our domain descriptions. Moreover, our language has two components [4,34]: one which defines domain descriptions and another which defines queries.) 2.1. Syntax of AK We begin with two disjoint nonempty sets of symbols, called fluent names (or fluents) and action names (or actions). A fluent literal is either a fluent name or a fluent name preceded by ¬. For a fluent f , by ¬f we mean f , and by f we mean ¬f . 2.1.1. 
Domain descriptions in AK A v-proposition (value proposition) is an expression of the form initiallyf (2.1) where f is a fluent literal. Intuitively, the above v-proposition means that the fluent literal f is initially known to be true. (In A, where v-propositions describe the initial state of the world instead of what the agent knows about the initial state of the world, the above proposition has a slightly different meaning. There, the above proposition means that the fluent literal f is true in the initial state of the world.) T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 25 Two v-propositions initiallyf and initiallyg are said to be contradictory if f = g. An ef-proposition (effect proposition) is an expression of the form a causesf if p1 , . . . , pn (2.2) where a is an action, and each of f, p1 , . . . , pn (n > 0) is a fluent literal. The set of fluent literals {p1 , . . . , pn } is referred to as the precondition of the ef-proposition and f is referred to as the effect of this ef-proposition. Intuitively this proposition conveys the meaning that f is guaranteed to be true after the execution of an action a in any state of the world where p1 , . . . , pn are true. If n = 0, we will drop the if part and simply write a causesf . Two ef-propositions with preconditions p1 , . . . , pn and q1 , . . . , qm respectively are said to be contradictory if they describe the effect of the same action a on complementary f ’s, and {p1 , . . . , pn } ∩ {q1 , . . . , qm } = ∅. An ex-proposition (executability proposition) is an expression of the form executable a if p1 , . . . , pn (2.3) where a is an action, and each of p1 , . . . , pn (n > 0) is a fluent literal. Intuitively, this proposition conveys the meaning that the action a is executable in any state of the world where p1 , . . . , pn are true. If n = 0, we will drop the if part and simply write executable a. A k-proposition (knowledge proposition) is an expression of the form a determines p (2.4) where a is an action and p is a fluent. Intuitively, the above proposition conveys the meaning that if a is executed in a situation, then in the resulting situation the truth value of p becomes known. A proposition is a v-proposition, ef-proposition, ex-proposition or a k-proposition. A domain description is a set of propositions, which does not contain (i) contradictory v-propositions; or (ii) contradictory ef-propositions. Actions occurring in ef-propositions and k-propositions are called non-sensing actions and sensing actions, respectively. In this paper—to avoid distraction from the main points— we make the further assumption that the set of sensing actions and the set of non-sensing actions are disjoint. Following is an example of a domain description in our language. Example 1. Let us consider an agent who has to disarm a bomb which can only be done safely—i.e., without exploding—if a special lock on the bomb has been switched off (locked); otherwise it explodes. The agent can determine if the lock is locked or not by looking at the lock. He can also turn the lock from the locked position to the unlocked position and vice versa. He can only execute the above actions if the bomb has not exploded. Initially, the agent knows that the bomb is not disarmed and is not exploded. We can describe the above story by the following domain description. 26 T.C. Son, C. 
Baral / Artificial Intelligence 125 (2001) 19–91            disarm causes exploded if ¬locked      disarm causes disarmed if locked      turn causes ¬locked if locked = D1  turn causes locked if ¬locked      look determines locked      executable look if ¬exploded      executable turn if ¬exploded     executable disarm if ¬exploded initially ¬disarmed initially ¬exploded 2.1.2. Queries in AK As discussed in Section 1, in the presence of incomplete information and knowledge producing actions, we need to extend the notion of a plan from a sequence of actions so as to allow conditional statements. In the following definition we formalize the notion of a conditional plan. Definition 1 (Conditional plan). (1) An empty sequence of action, denoted by [ ], is a conditional plan. (2) If a is an action then a is a conditional plan. (3) If c1 , . . . , cn (n > 1) are conditional plans and ϕ1 , . . . , ϕn are conjunction of fluent literals, (which are mutually exclusive but not necessarily exhaustive) then the following is a conditional plan. (We refer to such a plan as a case plan). Case ϕ 1 → c1 ... ϕ n → cn Endcase (4) If c1 , c2 are conditional plans then c1 ; c2 is a conditional plan. (5) Nothing else is a conditional plan. Intuitively, the case plan is a case statement where the agent evaluates the various ϕi ’s with respect to its knowledge. If it knows that ϕi is true for some i it executes the corresponding ci . If none of the ϕi ’s are true then the case plan fails and the execution of the conditional plan which contains this case plan also fails. There are two kind of queries that we can ask our domain descriptions. They are of the form: Knows ϕ after c (2.5) Kwhether ϕ after c (2.6) T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 27 where c is a conditional plan and ϕ is a fluent formula. Intuitively, the first query is about asking if a domain description entails that the fluent formula ϕ will be known to be true after executing the conditional plan c in the initial situation, and the second query is about asking if a domain description entails that the fluent formula ϕ will be known to be true or known to be false after executing the conditional plan c in the initial situation. 2.2. Semantics of AK In AK , we have three kinds of states: a world state (often referred to as a state) representing the state of the world, a knowledge state (or a k-state), representing the state of the knowledge of the agent, and a combined state (or a c-state) that is a pair consisting of a world state, and a k-state. As mentioned earlier, the semantics of domain descriptions in AK are defined in terms of models which are pairs consisting of an initial c-state and a transition function that maps pairs of actions and c-states into c-states. In the following we will use small letters beginning from s (possibly with indexes) to denote world states, uppercase Greek letters like Σ (possibly with indexes) to denote kstates, and lowercase Greek letters like σ, δ (possibly with indexes) to denote c-states. The letter c (possibly with indexes) will be used exclusively to denote conditional plans while α (possibly with indexes) will be used to denote a sequence of actions. A state s is a set of fluents and a k-state is a set of states. A combined state (or c-state) of an agent is a pair hs, Σi where s is a state and Σ is a k-state. 
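Read operationally, these definitions admit a very direct encoding. The following sketch (a hypothetical Python rendering; the identifiers are ours) builds the two initial c-states of the door example from Section 1 and tests groundedness and the notion of a fluent being known, which is made precise just below:

# A state is a frozenset of the fluents that are true; a k-state is a set of states;
# a c-state is a pair (state, k-state). Negative fluents are left implicit.
State = frozenset

def grounded(c_state):
    """A c-state <s, Sigma> is grounded iff the real state s belongs to Sigma."""
    s, sigma = c_state
    return s in sigma

def known_true(fluent, c_state):
    """f is known to be true in <s, Sigma> iff f holds in every state of Sigma."""
    _, sigma = c_state
    return all(fluent in world for world in sigma)

sigma0 = {State({"locked"}), State()}      # the agent's initial k-state
c1 = (State({"locked"}), sigma0)           # the door is actually locked
c2 = (State(), sigma0)                     # the door is actually unlocked
print(grounded(c1), grounded(c2))          # True True
print(known_true("locked", c1))            # False: the agent does not know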
Intuitively, the state s in a c-state hs, Σi is the real state of the world whereas Σ is the set of possible states which an agent believes it might be in. We say a c-state σ = hs, Σi is grounded if s ∈ Σ. Intuitively, grounded c-states correspond to the assumption that the world state belongs to the set of states that the agent believes it may be in. Given a fluent f and a state s, we say that f holds in s (f is true in s) if f ∈ s; ¬f holds in s (f is false in s) if f ∈ / s. The truth of a propositional fluent formula with respect to s is defined as usual. We say two states s and s ′ agree on a fluent f if (f ∈ s iff f ∈ s ′ ). Given a c-state σ = hs, Σi, we say that a fluent f is known to be true (respectively known to be false) in hs, Σi if f is true (respectively false) in every state s ′ ∈ Σ; and f is known in hs, Σi, if f is known to be true or known to be false in hs, Σi. Given a fluent formula ϕ, we say that ϕ is known to be true (respectively false) in a c-state hs, Σi if ϕ is true (respectively false) in every state s ′ ∈ Σ. An action a is executable in a state s, if there exists an ex-proposition executable a if p1 , . . . , pn in D such that p1 , . . . , pn hold in s. For an action a and a state s, if a is executable in s, we define Ea+ (s) = {f | f is a fluent and there exists an ef-proposition “a causesf if p1 , . . . , pn ” ∈ D such that p1 , . . . , pn hold in s}, Ea− (s) = {f | f is a fluent and there exists an ef-proposition “a causes ¬f if p1 , . . . , pn ” ∈ D such that p1 , . . . , pn hold in s}, and Res(a, s) = s ∪ Ea+ (s) \ Ea− (s). 28 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 If a is not executable in s, we say that Res(a, s) is undefined. Intuitively, Res(a, s) is the state resulting from executing a in s. Since we do not allow contradictory ef-propositions in our domain description, for any pair of an action a and a state s, Ea+ (s) and Ea− (s) are disjoint and uniquely determined. Thus Res is a deterministic function. We are now ready to define Φ, the transition function between c-states. Definition 2. A function Φ from actions and c-states into c-states is called a transition function of D if for all c-state σ = hs, Σi and action a, (1) if a is not executable in s then Φ(a, σ ) is undefined, denoted by Φ(a, σ ) = ⊥; (2) if a is executable in s and a is a non-sensing action, then Φ(a, σ ) = Res(a, s), {s ′ | s ′ = Res(a, s ′′ ) for some s ′′ ∈ Σ such that a is executable in s ′′ } ; and (3) if a is executable in s and a is a sensing action whose k-propositions are a determines f1 , . . . , a determines fm , then Φ(a, σ ) = s, {s ′ | s ′ ∈ Σ such that s and s ′ agree on eachfi , (i 6 m), and a is executable in s ′ } . Since Res is a deterministic function, it is easy to show the following: Proposition 1. Every domain description D possesses a unique transition function Φ. Notice that our definition of the transition function Φ does not stipulate any special requirement on how the Res function is defined. Thus, any action description language [3, 26,53] with a semantics depending on a state transition function like Res can be extended to allow sensing actions. Therefore, several of the other features of action description languages such as multi-valued fluents [19], ramification [26,36], causality [1,35,43], concurrent actions [2,3,37], can be directly added to our framework. 
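Before turning to such extensions, Definition 2 itself can be read operationally. The sketch below (continuing the hypothetical Python encoding used above; the effect-proposition format and the omission of executability tests are simplifications of ours) implements Res and Φ for non-sensing and sensing actions and reproduces transitions of the kind shown in Fig. 1 for the door example:

State = frozenset

# Effect propositions as (action, effect_fluent, positive?, [(fluent, positive?), ...]);
# sensing actions are mapped to the fluents they determine. All actions are
# assumed executable everywhere, so Definition 2's executability tests are omitted.
EFFECTS = [
    ("flip_lock", "locked", True,  [("locked", False)]),
    ("flip_lock", "locked", False, [("locked", True)]),
]
SENSES = {"check_if_locked": ["locked"]}

def holds(lit, state):
    fluent, positive = lit
    return (fluent in state) == positive

def res(action, state):
    """Res(a, s): add effects whose preconditions hold in s, remove the negative ones."""
    plus  = {f for a, f, pos, pre in EFFECTS
             if a == action and pos and all(holds(l, state) for l in pre)}
    minus = {f for a, f, pos, pre in EFFECTS
             if a == action and not pos and all(holds(l, state) for l in pre)}
    return State((state | plus) - minus)

def phi(action, c_state):
    """Phi(a, <s, Sigma>) following Definition 2, minus executability checks."""
    s, sigma = c_state
    if action in SENSES:                       # sensing: prune Sigma, leave s alone
        fs = SENSES[action]
        return (s, {w for w in sigma if all((f in w) == (f in s) for f in fs)})
    return (res(action, s), {res(action, w) for w in sigma})   # non-sensing

sigma0 = {State({"locked"}), State()}
print(phi("check_if_locked", (State({"locked"}), sigma0)))
# -> (frozenset({'locked'}), {frozenset({'locked'})}): the agent now knows locked
print(phi("flip_lock", (State(), sigma0)))
# -> the lock is toggled in the real state and in every state the agent considers possible

Because Φ only calls Res, the same skeleton carries over when Res comes from a richer action language.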
For example, to extend our formulation to multi-valued fluents, we have to: (i) extend our propositions to be able to denote different values of the fluents, and (ii) extend our notion of states to be interpretations of the fluents. The definition of transition function will remain the same, except that the notion of s and s ′ agreeing on a fluent f would now mean that s and s ′ have the same value of f . To keep our focus on the main issue of formalizing sensing actions, we do not include these features in our formulation, as they can be directly added when desired. Definition 3. (1) A state s is called an initial state of a domain description D if for every value proposition of the form “initially p” (respectively “initially ¬p”) in D, p is true (respectively false) in s. (2) A c-state hs0 , Σ0 i is an initial c-state of D if s0 is an initial state and Σ0 is a set of initial states of D. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 29 We say an initial c-state σ0 = hs0 , Σ0 i is complete if Σ0 is the set of all initial states. Intuitively, the completeness of initial c-states express the assumption that our agent has complete knowledge about what it knows and does not know about the initial state. We will refer to this as the complete awareness assumption. 2 Even though, we believe that this assumption should not be used indiscriminately, since it reduces the number of initial c-states, we will use it in most of our examples. Definition 4. A model of a domain description D is a pair (σ0 , Φ) such that σ0 is a grounded initial c-state of D and Φ is a transition function of D. A model (σ0 , Φ) is called rational if σ0 is complete. Since the transition function Φ as defined so far can only tell us which c-state is reached after executing an action in a given c-state, we need to extend the function to be able to reason—beyond action sequences—about conditional plans. We call it the extended function of Φ and define it as follows. Definition 5. Let D be a domain description and Φ be its transition function. The extended b which maps pairs of conditional plans and c-states transition function of D, denoted by Φ, into c-states, is defined as follows. b σ) = σ. (1) Φ([], b σ ) = Φ(a, σ ). (2) For an action a, Φ(a, (3) For c = Case ϕ 1 → c1 ... ϕ n → cn Endcase,  b b σ ) = Φ(ci , σ ) Φ(c, ⊥ if ϕi is known to be true in σ , if none of ϕ1 , . . . , ϕn is known to be true in σ . b σ ) = Φ(c b 2 , Φ(c b 1 , σ )). (4) For c = c1 ; c2 , where c1 , c2 are conditional plans, Φ(c, b (5) Φ(c, ⊥) = ⊥ for every conditional plan c. b σ ) 6= ⊥. 3 We say that a conditional plan c is executable in a c-state σ if Φ(c, We are now ready to define the entailment relation for domains of AK . Definition 6. Let D be a domain description, c be a conditional plan, and ϕ be a fluent formula. We say, 2 Turner [52] used a similar assumption called “complete initial situation assumption” according to which each model of his logic programming formulation of actions would have complete information about the initial state. 3 It is easy to see that for every pair of a c-state σ and a conditional plan c, Φ(c, b σ ) = ⊥ or there exists a unique b σ ) = σ ′. c-state σ ′ such that Φ(c, 30 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 (i) D |=AK Knows ϕ after c if c is executable in σ0 and ϕ is known to be true in b σ0 ) for every model (σ0 , Φ) of D; Φ(c, (ii) D |=AK Kwhether ϕ after α if c is executable in σ0 and ϕ is known to be true or b σ0 ) for every model (σ0 , Φ) of D. 
known to be false in Φ(α, Rational entailment of queries with respect to D—denoted by |=rAK —is defined similarly by only considering rational models of D. The following examples elucidates the above definitions. Example 2. Let D2 be the domain description consisting of the following propositions.    initiallyf      a causes ¬f  senseg determines g = D2     executable a     executable sense g Let s1 = {f, g}, s2 = {f }, s3 = {g}, s4 = ∅. There are two possible complete initial c-states of D2 : σ1 = hs1 , {s1 , s2 }i and σ2 = hs2 , {s1 , s2 }i. Let Φ be the transition function of D2 . We then have: b Φ([a], σ1 ) = Φ(a, σ1 ) = hs3 , {s3 , s4 }i, b b Φ([a; senseg ], σ1 ) = Φ([sense g ], hs3 , {s3 , s4 }i) = hs3 , {s3 }i, b Φ([a], σ2 ) = hs4 , {s3 , s4 }i, b b Φ([a; senseg ], σ2 ) = Φ([sense g ], hs4 , {s3 , s4 }i) = hs4 , {s4 }i. Since g is known to be true in hs3 , {s3 }i and known to be false in hs4 , {s4 }i, we can conclude that D2 |=rAK Kwhether g after [a, senseg ]. However, D2 6|=rAK Kwhether g after [a], because g is not known to be true or known to be false in hs3 , {s3 , s4 }i. Furthermore, D2 6|=rAK Knows g after [a, senseg ], and D2 6|=rAK Knows ¬g after [a, senseg ]. In the following example we consider conditional plans. Example 3. Let us consider the domain description D1 from Example 1. The states of D1 are: s1 = ∅, s2 = {locked}, s5 = {disarmed}, s6 = {disarmed, exploded}, s3 = {exploded}, s7 = {disarmed, locked}, s4 = {locked, exploded}, s8 = {disarmed, locked, exploded}. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 31 The set of initial states of D1 is Σ0 = {s1 , s2 } and the two complete initial c-states of D1 are σ1 = hs1 , Σ0 i and σ2 = hs2 , Σ0 i. Let Φ be the transition function of D1 . Thus, by Definition 4, D1 has two rational models: (σ1 , Φ) and (σ2 , Φ). We have:   b  Φ([look], σ1 ) = hs1 , {s1 }i,      b  Φ([look; disarm], σ1 ) = hs3 , {s3 }i,      b  Φ([look; turn], σ1 ) = hs2 , {s2 }i,     b  Φ([look; turn; disarm], σ1 ) = hs7 , {s7 }i,  (2.7)   b  Φ([look], σ2 ) = hs2 , {s2 }i,      b  Φ([look; disarm], σ2 ) = hs7 , {s7 }i,      b  Φ([look; turn], σ2 ) = hs1 , {s1 }i,     b Φ([look; turn; disarm], σ2 ) = hs3 , {s3 }i.  Based on the above computation we have the following: D1 6|=rAK Knows disarmed after [look; disarm] and D1 6|=rAK Knows disarmed after [look; turn; disarm]. In Proposition A.1 (Appendix A) we show that there exists no sequence of actions α of D1 such that D1 |=rAK Knows disarmed ∧ ¬exploded after α. Let us now consider the conditional plan:   look;        Case         ¬locked → turn = c1 = c   locked → []          Endcase     disarm We will show that D1 |=rAK Knows disarmed ∧ ¬exploded after c. b and the computation of Φ b in (2.7), we have the following: From the definition of Φ b 1 ; disarm, Φ(look, b b 1 ; disarm, Φ(look, σ1 )) b σ1 ) = Φ(c σ1 )) = Φ(c Φ(c, b b 1 , hs1 , {s1 }i)) b 1 ; disarm, hs1 , {s1 }i) = Φ(disarm, Φ(c = Φ(c b b = Φ(disarm, Φ(turn, hs1 , {s1 }i)) (because ¬locked is known to be true in hs1 , {s1 }i) b = Φ(disarm, Φ(turn, hs1 , {s1 }i)) b = Φ(disarm, hs2 , {s2 }i)) = Φ(disarm, hs2 , {s2 }i)) = hs7 , {s7 }i 32 T.C. Son, C. 
Baral / Artificial Intelligence 125 (2001) 19–91 and b 1 ; disarm, Φ(look, b b 1 ; disarm, Φ(look, σ2 )) b σ2 ) = Φ(c Φ(c, σ2 )) = Φ(c b b 1 , hs2 , {s2 }i)) b 1 ; disarm, hs2 , {s2 }i) = Φ(disarm, Φ(c = Φ(c b b hs2 , {s2 }i)) = Φ(disarm, Φ([], (because locked is known to be true in hs2 , {s2 }i) b = Φ(disarm, hs2 , {s2 }i)) = Φ(disarm, hs2 , {s2 }i)) = hs7 , {s7 }i. b σ2 ) = hs7 , {s7 }i. Since disarmed ∧ ¬exploded is b σ1 ) = hs7 , {s7 }i and Φ(c, So, Φ(c, known to be true in the c-state hs7 , {s7 }i, by Definition 6, D1 |=rAK Knows disarmed ∧ ¬exploded after c. 2.3. Translating domain descriptions to first-order theories In this section we give a translation of domain descriptions (D) in AK to theories in first-order logic (R(D)), and then show that the translation is sound and complete with respect to AK when answering queries in the language of AK . Our translation from D into R(D) is inspired by the translation of Kartha [25], and uses axioms and notations from [49] and [47]. In this section we use the standard notation of having variables start with small letters and constants start with capital letters. To be consistent we use the same notation for domain descriptions. Let us consider a domain description D. Assume that D contains (1) n sensing actions K1 , . . . , Kn with the k-propositions Ki determines Fi for (1 6 i 6 n), and (2) m value-propositions initially Gi for (1 6 i 6 m). For simplicity, we also assume that each action A in D occurs in at least one executability condition and each sensing action Ki occurs in only one k-proposition. Then, the domain description D can be translated into a many-sorted theory R(D) as follows. Objects of R(D) are of the sorts: action, fluent, and situation. To distinguish with states—which are often denoted by s (possibly with subscripts)—in the previous sections, we use s or S (possibly with subscripts) to denote situations. The vocabulary (signature) of R(D) consists of the following: • a constant S0 of type situation; • constants A of type “action” which correspond to different actions from D (one constant for each action); • constants F of type “fluent” which correspond to different fluents from D (one constant for each fluent); • a function symbol do of the type haction × situation → situationi; • a predicate symbol Holds of the type hfluent, situationi; • a predicate symbol K of the type hsituation, situationi; We will need the following notations. • For a fluent F , Holds(¬F, s) stands for ¬ Holds(F, s). V • For a conjunction of literals ̺ = P1 ∧· · ·∧Pn , Holds(̺, s) denotes ni=1 Holds(Pi , s). 33 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 • For each fluent F and action A, _ def Holds(̺, s), γF+ (A, s) ≡ “A causes F if ̺”∈D _ def γF− (A, s) ≡ Holds(̺, s), and “A causes ¬F if ̺”∈D _ def Poss(A, s) ≡ Holds(̺, s). “executable A if ̺”∈D The axioms of R(D) are described below. (1) The successor state axiom—using Reiter’s formulation in [47]—for an ordinary fluent F and an action A is given by: Poss(A, s) ⊃ [Holds(F, do(A, s)) ≡ γF+ (A, s) ∨ (Holds(F, s) ∧ ¬γF− (A, s))]. (2.8) (2) The successor state axiom for K (borrowed from [49]) and an action A is given by: " Poss(A, s) ⊃ K(s′′ , do(A, s)) ≡ ∃s′ (K(s′ , s) ∧ Poss(A, s′ ) ∧ (s′′ = do(A, s′ ))) ∧ ! n ^ A 6= Kj ∨ j =1 n _ ′ (A = Kj ∧ Holds(Fj , s) ≡ Holds(Fj , s )) j =1 !!# (2.9) , where, recall that, K1 , . . . , Kn are the sensing actions in D that determine F1 , . . . , Fn respectively. (3) For i = 1, . . . 
, m, R(D) contains (2.10) Holds(Gi , S0 ) where, recall that, G1 , . . . , Gm , are the only fluent literals known to be true in the initial state. (4) The following axioms are for the accessibility relation in the initial situation: K(s, S0 ) ⊃ m ^ Holds(Gi , s) (2.11) i=1 and K(S0 , S0 ). (5) The domain closure assumption (DCA) for fluents: _ f = F. F ∈F (2.12) 34 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 (6) The domain closure assumption (DCA) for actions: _ a = A. A∈A (7) The unique name assumption (UNA) for fluents: ^ F1 6= F2 . F1 ,F2 ∈F F1 ,F2 distinct (8) The unique name assumption (UNA) for actions: ^ A1 6= A2 . A1 ,A2 ∈A A1 ,A2 distinct We now relate the entailment in D and the entailment in R(D), for queries regarding fluent values after a sequence of actions. We use the following notation: • Holds(ϕ, s) is a shorthand for a corresponding formula of Holds with only fluents as its first argument. For example, Holds(f1 ∨ f2 , s) denotes Holds(f1 , s) ∨ Holds(f2 , s). Similarly, Holds(f1 ∧ f2 , s) denotes Holds(f1 , s) ∧ Holds(f2 , s), and as we mentioned before Holds(¬f, s) denotes ¬ Holds(f, s). • Knows (ϕ, S) denotes the formula: ∀s′ (K(s′ , S) ⊃ Holds(ϕ, s′ )). • For a sequence of actions α = [a1; . . . ; ak ] do([], s) denotes s, do(α, s) denotes do(ak , do(ak−1 , . . . , do(a1 , s))), Poss([], s) ≡ true, Poss(α, s) denotes and k ^ Poss(ai , do([a1 ; . . . ; ai−1 ], s)). i=1 Proposition 2. Let D be a domain description, ϕ be a fluent formula, and α be a sequence of actions of D. Then, D |=AK Knows ϕ after α Proof. In Appendix B. iff R(D) |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). ✷ Our next step is to relate D and R(D) for queries with conditional plans. For that we introduce a three-sorted predicate Apply(c, s, s′ ), whose intuitive meaning is that the conditional plan c executed in situation s takes us to the situation s′ . For example, let c be the conditional plan in Example 3, and s be a situation where ¬locked holds in the real world. Then Apply(c, s, do(disarm, do(turn, do(look, s)))) will be true. Intuitively, this means that when c is executed in s, we reach the situation do(disarm, do(turn, do(look, s))), or if c were to be executed in s, then the action sequence that would be executed from left to right is look; turn; disarm. The definition of ‘Apply’ is similar to the formula ‘Rdo’ in [31]. In our formulation, we will represent a case plan as a list of pairs of conditions and conditional plans using T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 35 three constructor functions: one that constructs a list, another that constructs a pair, and one that constructs a case plan. Any conditional plan can be represented as a list of actions and case plans. For example, the conditional plan c in Example 3 is represented by [look; case([([¬locked], [turn]), ([locked], [])]); disarm]. We now define Apply as a nested abnormality theory (NAT) [33] block. BApply = {min Apply : Apply([], s, s) Poss(a, s) ∧ Apply(α, do(a, s), s′ ) ⊃ Apply([a|α], s, s′ ) ¬Poss(a, s) ⊃ Apply([a|α], s, ⊥) Apply([case([])|c], s, ⊥) Apply(c, ⊥, ⊥) Knows (ϕ, s) ∧ Apply(c, s, s′ ) ∧ Apply(c′′ , s′ , s′′ ) ⊃ Apply([case([(ϕ, c)|r ′ ])|c′′ ], s, s′′ ) ¬Knows(ϕ, s) ∧ Apply([case(r ′ )|c′′ ], s, s′ )) ⊃ Apply([case([(ϕ, c)|r ′ ])|c′′ ], s, s′ ) } In the above nested abnormality theory c and c′′ are conditional plans while r ′ is a list of pairs of conditions and conditional plans. (Note that case(r ′ ) will denote a conditional plan.) 
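As an informal aid before the NAT is unpacked, the following sketch (a hypothetical Python analogue of the list representation, not the paper's logical definition) walks a conditional plan with a fixed "knows" oracle and returns the action sequence that would actually be executed, which is the intuition behind Apply:

# A plan is a list whose items are action names or ("case", [(phi, subplan), ...]).
# The oracle knows(phi) stands in for "phi is known in the current situation";
# using a fixed oracle makes this only an illustration of plan traversal.

def apply_plan(plan, knows):
    """Return the linear action sequence executed, or None if a case plan fails."""
    executed = []
    for step in plan:
        if isinstance(step, tuple) and step[0] == "case":
            for phi, subplan in step[1]:
                if knows(phi):
                    sub = apply_plan(subplan, knows)
                    if sub is None:
                        return None
                    executed.extend(sub)
                    break
            else:
                return None              # no branch is known to hold: the case plan fails
        else:
            executed.append(step)        # an ordinary action
    return executed

# The plan c of Example 3: look; case(~locked -> turn, locked -> []); disarm
c = ["look", ("case", [("~locked", ["turn"]), ("locked", [])]), "disarm"]
print(apply_plan(c, knows=lambda phi: phi == "~locked"))   # ['look', 'turn', 'disarm']
print(apply_plan(c, knows=lambda phi: phi == "locked"))    # ['look', 'disarm']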
The above NAT defines the predicate Apply using circumscription and can be equivalently written as Circ(T ; Apply), where T is the set of seven axioms following “min Apply :” in BApply . That is, we consider only models of T in which the predicate Apply is minimized. This guarantees that every situation is the result of execution of a conditional plan from the initial situation. For more on nested abnormal theories, please see Appendix E. The NAT BApply can be defined in words as follows: • Apply([], s, s) is true, for all s. • For all a, α, s, s′ , Apply([a|α], s, s′ ) is true if Apply(α, do(a, s), s′ ) ∧ Poss(a, s) is true. • For all a, α, s, s′ , Apply([a|α], s, ⊥) is true if Apply(α, do(a, s), s′ ) ∧ ¬ Poss(a, s) is true. • Apply([case([])|c], s, ⊥) is true for all c and s. • Apply(c, ⊥, ⊥) is true for all c. • For all ϕ, s, s′ , s′′ , c, r ′ , c′′ , Apply([case([(ϕ, c)|r ′ ])|c′′ ], s, s′′ ) is true if Knows(ϕ, s) ∧ Apply(c, s, s′ ) ∧ Apply(c′′ , s′ , s′′ ) is true. • For all ϕ, s, s′ , c, r ′ , c′′ , Apply([case([(ϕ, c)|r ′ ])|c′′ ], s, s′ ) is true if ¬Knows(ϕ, s) ∧ Apply([case(r ′ )|c′′ ], s, s′ )) is true. • If none of the above rules is applicable then Apply(c, s, s′ ) is false. We now explain how the above definition entails Apply([a1 ; a2; a3], s, do(a3 , do(a2 , do(a1 , s)))), assuming that Poss([a1 ; a2; a3 ], s) is true. We have that 36 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 • Apply([a1 ; a2; a3], s, do(a1 , do(a2 , do(a3, s)))) is true if Poss(a1 , s) and Apply([a2 ; a3], do(a1 , s), do(a3 , do(a2 , do(a1 , s)))) is true (using the second rule). • Apply([a2 ; a3], do(a1 , s), do(a1 , do(a2 , do(a3 , s)))) is true if Poss(a2 , do(a1 , s)) and Apply([a3 ], do(a2 , do(a1 , s)), do(a3 , do(a2 , do(a1 , s)))) is true (using the second rule). • Apply([a3 ], do(a2 , do(a1 , s)), do(a1 , do(a2 , do(a3 , s)))) is true if Poss([a1 ; a2; a3], s) and Apply([], do(a3 , do(a2 , do(a1 , s))), do(a3 , do(a2 , do(a1 , s)))) is true (using the second rule). • Apply([], do(a3 , do(a2 , do(a1 , s))), do(a3 , do(a2 , do(a1 , s)))) is true (using the first rule). Proposition 3. Let D be a domain description and R(D) be the corresponding first-order theory. Let c be a conditional plan and ϕ be a fluent formula. Then, D |= Knows ϕ after c iff R(D) ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ . Proof. In Appendix B. ✷ We would like to point out that the above proposition also holds for a slightly different translation R1 (D), where we use the following simpler successor state axiom—based on the formulas (1.5) and (1.6) of Section 1.3—instead of the successor state axiom (2.9): Poss(x, s) ∧ Poss(x, s′ ) ⊃ " K(do(x, s′ ), do(x, s)) ≡ K(s′ , s) ∧ n ^ x 6= Kj j =1 ! ∨ n _ j =1 ′ x = Kj ∧ Holds(Fj , s) ≡ Holds(Fj , s )  !!!# . (2.13) 2.4. State space analysis In this section we analyze the size of the state space, when reasoning in AK . n n • It is easy to see that when we have n fluents, we will have 22 +n c-states and 22 +n−1 grounded c-states. • Now suppose out of the n fluents, in the initial situation we do not know the truth value of p (p 6 n) fluents. I.e., we know the truth value of n − p fluents. Then in all initial c-states hs, Σi, the size of Σ will be less than 2p . It follows from the definition of the transition function and the fact that we do not have any knowledge loosing actions that any c-state that can be reached by executing a sequence of actions in the T.C. Son, C. 
Baral / Artificial Intelligence 125 (2001) 19–91 37 initial c-state will also have the size of its Σ less than 2p . Taking this into account the size of the reachable (from the initial c-states) state space will be:  n  n  n 2 2 2 + · · · + 2p × p +2× 2 2 1 p which is larger than 22 . • If we consider the formulations in [41,49] the ‘states’ will be Kripke models. In that case for n fluents, we will have at least 2n different possible worlds, and the accessibility relation will be a subset of 2n ×2n = 22n elements. Thus the total number 2n 2n of different Kripke models will be 2n × 22 = 22 +n . • Recently complexity results about planning in presence of incomplete information have been developed in [8]. One of the results is that the polynomial plan existence problem is 62P -complete in presence of incomplete knowledge about the initial situation and the restriction that sensing actions are executed a limited number (bounded by a constant) of times, when looking for feasible (polynomial length) plans. Without the restrictions the complexity is higher. The tremendously large size of the state space for AK and also for the formulations in [38,49], and the above mentioned complexity results necessitates search for (provably sound) approximations that have a more manageable state space and a lower complexity. This is our focus in the next section. 3. Approximating AK In this section we define several approximations of the semantics of AK . In our approximations we will use 3-valued states, which we will call a-states (or approximate states), to represent the state of knowledge of an agent. An a-state will be normally represented by a pair hT , F i, where T and F are disjoint sets of fluents. Intuitively, T (respectively F ) is the set of fluents which are true (respectively false) in the state hT , F i. An a-state hT , F i is said to be complete if T ∪ F is the set of all the fluents in the domain description. Often we will abuse notation to represent a complete a-state hT , F i, by just T . Let σ1 = hT1 , F1 i and σ2 = hT2 , F2 i be two a-states. We say that an a-state hT1 , F1 i extends the a-state hT2 , F2 i, denoted by σ2  σ1 , if T2 ⊆ T1 and F2 ⊆ F1 . If σ1 extends σ2 , we also say that σ1 is an extension of σ2 . σ1 ∩ σ2 will denote the pair hT1 ∩ T2 , F1 ∩ F2 i and σ1 \ σ2 denotes the set (T1 \ T2 ) ∪ (F1 \ F2 ). For a set of fluents X we write X \ hT , F i to denote X \ (T ∪ F ). Given a fluent f and an a-state σ = hT , F i, we say that f is true (respectively false) in σ if f ∈ T (respectively f ∈ F ); and f is known (respectively unknown) in σ if f ∈ T ∪ F (respectively f ∈ / T ∪ F ). A positive (respectively negative) fluent literal f is said to hold in hT , F i if f ∈ T (respectively f ∈ F ). We are now ready to define several approximations for AK . The difference between the approximations is based on how much case analysis is done to reason about actions when the agent has incomplete knowledge about the world. We start with the 0-Approximation where no case analysis is done. 38 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 3.1. 0-Approximation Let D be a domain description, hT , F i be an a-state, and f be a fluent in D. f (respectively ¬f ) is said to possibly hold in hT , F i if f ∈ / F (respectively f ∈ / T ). A set of fluent literals {f1 , . . . , fn } is said to possibly hold in hT , F i if for all i, fi possibly holds in hT , F i. An action a is said to be 0-executable in an a-state hT , F i if there exists an ex-proposition executable a if p1 , . . . 
, pn , such that p1 , . . . , pn hold in hT , F i. We now introduce several notations. • ea+ (hT , F i) = {f | f is a fluent and there exists “a causesf if p1 , . . . , pn ” in D such that p1 , . . . , pn hold in hT , F i}. • ea− (hT , F i) = {f | f is a fluent and there exists “a causes ¬f if p1 , . . . , pn ” in D such that p1 , . . . , pn hold in hT , F i}. • Fa+ (hT , F i) = {f | f is a fluent and there exists “a causesf if p1 , . . . , pn ” in D such that p1 , . . . , pn possibly hold in hT , F i}. • Fa− (hT , F i) = {f | f is a fluent and there exists “a causes ¬f if p1 , . . . , pn ” in D such that p1 , . . . , pn possibly hold in hT , F i}. • K(a, hT , F i) = {f | f is a fluent and “a determines f ” in D}. Intuitively, ea+ (hT , F i) (respectively ea− (hT , F i)) is the set of fluents that must be true (respectively false) after executing a in hT , F i; Fa+ (hT , F i) (respectively Fa− (hT , F i)) is the set of fluents that may be true (respectively false) after executing a in hT , F i; and K(a, hT , F i) is the set of fluents which become known after executing the action a in hT , F i. We define the result function of D in the 0-Approximation, denoted by Res0 , as follows. Res0 (a, hT , F i) = T ∪ ea+ (hT , F i) \ Fa− (hT , F i), F ∪ ea− (hT , F i) \ Fa+ (hT , F i) . We illustrate these definitions in the next example. Example 4. For the domain description D1 from Example 1, the initial a-state is σ0 = h∅, {disarmed, exploded}i. Since neither locked nor ¬locked holds in σ0 , we have that + (σ0 ) = ∅, edisarm − edisarm (σ0 ) = ∅, + eturn (σ0 ) = ∅, − eturn (σ0 ) = ∅. Since locked and ¬locked possibly hold in σ0 , we have that + (σ0 ) = {exploded, disarmed}, Fdisarm − Fdisarm (σ0 ) = ∅, + Fturn (σ0 ) = {locked}, − Fturn (σ0 ) = {locked} and K(look, σ0 ) = {locked}. + − (σ0 ) = elook (σ0 ) = Since there is no ef-proposition whose action is look, we have that elook + − Flook (σ0 ) = Flook (σ0 ) = ∅. Hence, T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 39 Res0 (disarm, σ0 ) = h∅, ∅i, Res0 (turn, σ0 ) = h∅, {disarmed, exploded}i, Res0 (look, σ0 ) = h∅, {disarmed, exploded}i. In the above example, even though disarmed and exploded were false in σ0 , after executing disarm they become unknown. On the face of it this is counter to the intuition behind the frame problem, where the values of fluents remain unchanged from one situation to another, unless the action in between changes them. In this case the action disarm has two effect propositions, neither of which is applicable as their preconditions (¬locked and locked respectively) do not hold. So a naive application of the frame axiom would lead us to conclude that disarmed and exploded remain false in the situation after executing disarm in σ0 . But such a conclusion is not sound, as it is possible that in the real world locked was true and thus after executing disarm, disarmed became true. Based on this possibility, we can not just have disarmed to be true in the resultant situation either, as this would be unsound if ¬locked was true in the real world instead. Thus taking into account the two possibilities, we can reason that the agent will not know whether disarmed is true or false after executing disarm. Thus, the resultant a-state should have disarmed as unknown. Our not so straightforward definition of Res0 , encodes this skeptical reasoning. We now use Res0 to define the transition function Φ0 . Again, executing an action might result in an undefined a-state, denoted by ⊥. Definition 7. 
Given a domain description D, the 0-transition function Φ0 of D is defined as follows: • If a is not 0-executable in σ , then Φ0 (a, σ ) = {⊥}; • If a is 0-executable in σ and a is a non-sensing action then Φ0 (a, σ ) = {Res0 (a, σ )}; and • If a is 0-executable in σ and a is a sensing action then Φ0 (a, σ ) = {σ ′ | σ  σ ′ and K(a, σ ) \ σ = σ ′ \ σ }. In the above definition, the transition due to a sensing action results in a set of a-states, each corresponding to a particular set of sensing results. The condition that all elements of σ ′ \ σ are from K(a, σ ) makes sure that only fluents that are sensed are the ones for which we have a k-proposition and the condition that all elements of K(a, σ ) are in σ ′ \ σ makes sure that all fluents mentioned in the k-propositions for that action have a true or false value in σ ′ . If we were to allow actions to be able to both sense and change the world, then Φ0 (a, σ ) for such an action can be succinctly defined as: Φ0 (a, σ ) = {σ ′ | σ ′ extends Res0 (a, σ ) and σ ′ \ Res0 (a, σ ) = K(a, σ ) \ Res0 (a, σ )}. b0 which Let Φ0 be a 0-transition function of D. The 0-extended transition function Φ maps pairs of conditional plans and a-states into set of a-states is defined next. Definition 8. b0 ([], σ ) = {σ }. (1) Φ b0 (a, σ ) = Φ0 (a, σ ). (2) Φ (3) For a case plan 40 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 c = Case ϕ1 → p1 .. . ϕn → pn Endcase  Φ b0 (pj , σ ) if ϕj holds in σ, b0 (c, σ ) = Φ  {⊥} if none of ϕ1 , . . . , ϕn holds in σ. b0 ([c1 ; c2 ], σ ) = (4) For two conditional plans c1 and c2 , Φ b0 (c, ⊥) = {⊥}. (5) Φ S b b0 (c1 ,σ ) Φ0 (c2 , σ σ ′ ∈Φ ′ ). b0 (c, σ ). An a-state σ0 is A conditional plan c is 0-executable in an a-state σ if ⊥ ∈ /Φ called an initial a-state of D if for any fluent literal f , f holds in σ0 iff “initiallyf ” is in D. It is easy to see that for each domain description, the initial a-state is unique. Definition 9. Given a domain description D, a 0-model is a pair (σ0 , Φ0 ) where σ0 is the initial a-state of D and Φ0 is a 0-transition function of D. Similarly to Proposition 1, we can prove that the 0-transition function Φ0 of D is unique. In the next definition, we define our first approximate entailment relation, the 0-entailment (|=0 ), based on the 0-model. Definition 10. Let D be a domain description, ϕ be a fluent formula, and c be a conditional plan in D. We say • D |=0 Knows ϕ after c if c is 0-executable in σ0 and ϕ holds in every a-state b0 (c, σ0 ) for every 0-model (σ0 , Φ0 ) of D; and belonging to Φ • D |=0 Kwhether ϕ after c if c is 0-executable σ0 and ϕ is known in every a-state b0 (c, σ0 ) for every 0-model (σ0 , Φ0 ) of D. belonging to Φ Example 5. For the domain description D1 we have that Φ0 (disarm, σ0 ) = {h∅, ∅i}, Φ0 (turn, σ0 ) = {h∅, {disarmed, exploded}i}, Φ0 (look, σ0 ) = {h{locked}, {disarmed, exploded}i, h∅, {locked, disarmed, exploded}i}. Thus D1 |=0 Kwhether locked after look but D1 6|=0 Knows locked after look and D1 6|=0 Knows ¬locked after look. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 41 In the next example we show that the conditional plan for disarming the bomb in Example 3 can also be analyzed using the 0-Approximation. Example 6. Let us reconsider the domain D1 and the conditional plan of Example 3.   look;         Case        ¬locked → turn = c 1 =c    locked → []         Endcase     disarm We have that the initial a-state of D is σ0 = h∅, {disarmed, exploded}i. 
b0 (c, σ0 ) as To prove that D1 |=0 Knows disarmed ∧ ¬exploded after c, we compute Φ follows. First, since K(look, σ0 ) = {locked} we have that Φ0 (look, σ0 ) = {σ1 , σ2 } where σ1 = h{locked}, {disarmed, exploded}i and σ2 = h∅, {disarmed, exploded, locked}i. Hence, [ b0 (c1 ; disarm, σ ′ ) b0 (c, σ0 ) = Φ Φ σ ′ ∈Φ0 (look,σ0 ) b0 (c1 ; disarm, σ2 ). b0 (c1 ; disarm, σ1 ) ∪ Φ = Φ b Since locked holds in σ1 and ¬locked holds S in σ2 , we have that Φ0′(c1 ; disarm, σ1 ) = b0 (c1 ; disarm, σ2 ) = σ ′ ∈Φb (turn,σ ) Φ b0 (disarm, σ1 ) and Φ b0 (disarm, σ ). Φ 0 2 b0 (turn, σ2 ) = b0 (disarm, σ1 ) = {h{disarmed, locked}, {exploded}i} and Φ Furthermore, Φ Φ0 (turn, σ2 ) = {h{locked}, {disarmed, exploded}i} = {σ1 }. b0 (disarm, σ1 ) = {h{disarmed, locked}, {exploded}i}. b0 (c1 ; disarm, σ2 ) = Φ Thus, Φ b In summary, we have that Φ0 (c, σ0 ) = {h{disarmed, locked}, {exploded}i} which implies that D1 |=0 Knows disarmed ∧ ¬exploded after c. Although 0-Approximation can correctly analyze the above example, it has weaknesses and it cannot entail many queries entailed by the AK semantics. The following example illustrates this. Example 7. Let us consider the domain D3 with the following causal rules;   a causesf if g   a causesf if ¬g = D3    executable a The initial a-state of D3 is σ0 = h∅, ∅i. Intuitively, we would expect that Knows f after a b0 (a, σ0 ) = Φ0 (a, σ0 ) = is entailed by D3 and this entailment holds for |=rAK . However, Φ {h∅, ∅i} because ea+ (σ0 ) = ea− (σ0 ) = Fa− (σ0 ) = ∅ and Fa+ (σ0 ) = {f }. This means that D3 6|=0 Knows f after a. 42 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 In the above example, by doing case analysis we can intuitively conclude that f should be true after executing a in the initial situation. I.e., we analyze that in the initial situation g could be either true or false, and in both cases we can conclude that f will be true after executing a. The reasoning mechanism in the 0-Approximation lacks any such case analysis. In the next section we introduce the notion of 1-Approximation that does some case analysis and is able to make the intuitive conclusion in the above example. 3.2. 1-Approximation The 1-Approximation improves on 0-Approximation by defining a new result function which given an incomplete a-state σ and an action a, considers all complete extensions of σ , and applies a to these extensions and then considers what is true and what is false in all the resulting states. Such a transition function does intuitive reasoning with respect to the Example 7. We now formally define the new result function. For an a-state σ , let Comp(σ ) be the set of all the complete a-states that extend σ . The result function, Res1 , which maps a pair of an action a and an a-state σ into an a-state Res1 (a, σ ) is defined as follows. \ Res0 (a, σ ′ ). Res1 (a, σ ) = σ ′ ∈Comp(σ ) The notion of executability changes slightly. Now, an action a is said to be 1-executable in an a-state σ if it is 0-executable in all a-states in Comp(σ ). The 1-transition function is defined next. Definition 11. Given a domain description D, the 1-transition function Φ1 of D is defined as follows: • If a is not 1-executable in σ then Φ1 (a, σ ) = {⊥}. • If a is 1-executable in σ and a is a non-sensing action then Φ1 (a, σ ) = {Res1 (a, σ )}. • If a is 1-executable in σ and a is a sensing action then Φ1 (a, σ ) = {σ ′ | σ  σ ′ and K(a, σ ) \ σ = σ ′ \ σ }. 
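To make the gain over the 0-Approximation concrete, here is a small sketch (encoding ours, in the same hypothetical Python style as before) of Res0 over a-states ⟨T, F⟩ and of Res1 as the intersection of Res0 over all complete extensions, run on the domain D3 of Example 7:

from itertools import product

# Effect propositions as (action, effect_fluent, positive?, [(fluent, positive?), ...]).
EFFECTS = [                       # D3: a causes f if g, a causes f if ~g
    ("a", "f", True, [("g", True)]),
    ("a", "f", True, [("g", False)]),
]
FLUENTS = {"f", "g"}

def holds(lit, T, F):
    fl, pos = lit
    return fl in (T if pos else F)

def possibly_holds(lit, T, F):
    fl, pos = lit
    return fl not in (F if pos else T)

def res0(a, T, F):
    e_plus  = {f for ac, f, pos, pre in EFFECTS if ac == a and pos
               and all(holds(l, T, F) for l in pre)}
    e_minus = {f for ac, f, pos, pre in EFFECTS if ac == a and not pos
               and all(holds(l, T, F) for l in pre)}
    f_plus  = {f for ac, f, pos, pre in EFFECTS if ac == a and pos
               and all(possibly_holds(l, T, F) for l in pre)}
    f_minus = {f for ac, f, pos, pre in EFFECTS if ac == a and not pos
               and all(possibly_holds(l, T, F) for l in pre)}
    return (T | e_plus) - f_minus, (F | e_minus) - f_plus

def completions(T, F):
    """All complete a-states extending <T, F> (Comp in the text)."""
    unknown = sorted(FLUENTS - T - F)
    for bits in product([True, False], repeat=len(unknown)):
        extra = {fl for fl, b in zip(unknown, bits) if b}
        yield T | extra, F | (set(unknown) - extra)

def res1(a, T, F):
    results = [res0(a, Tc, Fc) for Tc, Fc in completions(T, F)]
    return (set.intersection(*(set(t) for t, _ in results)),
            set.intersection(*(set(f) for _, f in results)))

print(res0("a", set(), set()))   # -> (set(), set()): f stays unknown (Example 7)
print(res1("a", set(), set()))   # -> ({'f'}, set()): case analysis concludes f is true

The intersection over Comp(⟨T, F⟩) is exactly the one level of reasoning by cases that the 0-Approximation lacks; Example 8 below runs the same domain through the 1-Approximation.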
A 1-model of D is then defined as a pair (σ0 , Φ1 ) where σ0 is the initial a-state of D and Φ1 is the 1-transition function of D. The notion of 1-extended function and 1-entailment is then defined as in Definitions 8 and 10 using 1-transition function and 1model, respectively. In the next example we show that the 1-Approximation allows us to reason by cases. Example 8. Let us consider again the domain D3 from Example 7. The initial a-state of D3 is σ0 = h∅, ∅i. The set of complete extensions of σ0 , Comp(σ0 ), is the set of all complete a-states of D3 . More precisely, Comp(σ0 ) = {σ1 , σ2 , σ3 , σ4 } where σ1 = h{f, g}, ∅i, σ2 = h{f }, {g}i, σ3 = h∅, {f, g}i, and σ4 = h{g}, {f }i. Since Res0 (a, σ1 ) = h{f, g}, ∅i, Res0 (a, σ2 ) = h{f }, {g}i, Res0 (a, σ3 ) = h{f }, {g}i, and Res0 (a, σ4 ) = h{f, g}, ∅i we have that Res1 (a, σ0 ) = h{f }, ∅i. Thus, for any 1model (σ0 , Φ1 ) of D3 , Φ1 (a, σ0 ) = {h{f }, ∅i}. Hence, we can conclude that D3 |=1 Knows f after a. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 43 We now state the relation between the 0-Approximation and the 1-Approximation of domain descriptions of AK . Proposition 4 (Soundness of |=0 with respect to |=1 ). Let D be a domain description, ϕ be a fluent formula of D, and c be a conditional plan. Then, if D |=0 Knows ϕ after c then D |=1 Knows ϕ after c. Proof. (Sketch 4 ). Similar to Proposition 1 we can prove that for every domain description D, 5 the 0-model and 1-model of D are uniquely determined. Furthermore, the initial astate in the 0-Approximation is also the initial a-state in the 1-Approximation. Let us denote the 0-model and 1-model of D by (σ0 , Φ0 ) and (σ0 , Φ1 ) respectively. Let σ and δ be two a-states of D such that σ  δ. Then, for every action a of D, we can prove that (i) for each σ ′ ∈ Φ0 (a, σ ) there exists a δ ′ ∈ Φ1 (a, δ) such that σ ′  δ ′ ; (ii) for each δ ′ ∈ Φ1 (a, δ) there exists a σ ′ ∈ Φ0 (a, σ ) such that σ ′  δ ′ . b0 (c, σ ), Using (i) and (ii) we can then prove that for any conditional plan c such that ⊥∈ /Φ b1 (c, δ); (iii) ⊥∈ /Φ b0 (c, σ ) there exists a δ ′ ∈ Φ b1 (c, δ) such that σ ′  δ ′ ; and (iv) for each σ ′ ∈ Φ ′ ′ b1 (c, δ) there exists a σ ∈ Φ b0 (c, σ ) such that σ ′  δ ′ . (v) for each δ ∈ Φ (iii) proves that if c is 0-executable in σ0 then c is 1-executable in σ0 . This, together with (iv) and (v), and the fact that σ0  σ0 , proves the proposition. ✷ The next example shows that the 1-Approximation is also not able to make some intuitive conclusions 6 that can be made using the AK semantics. Example 9. Consider the domain description:   a causes p if r     a causes q if ¬r     b causes f if p = D4 b causes f if q      executable a     executable b The initial a-state is h∅, ∅i, where p, q, r, and f are unknown. Although intuitively and also according to the rational semantics of AK , after executing a followed by b in the initial a-state, f should be true, our 1-Approximation is not able to capture this. This is because the 1-Approximation reasons by cases only up to 1 level. Since after reasoning by cases for 1 level, it summarizes its reasoning to a pair hT , F i, it is not able to capture the fact that after executing a in the initial a-state p ∨ q is true. To overcome the limitation of 1-Approximation as illustrated by the above example, we can define 2-Approximation which will reason by cases up to 2 levels. But it will break 4 The full proof can be found in [51]. 
5 Recall that we do not allow contradictory v-propositions or contradictory ef-propositions in D. 6 We thank the anonymous AAAI-97 reviewer who pointed this out. 44 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 down when reasoning by cases up to 3 levels is necessary, and so on. In the next section, we define ω-Approximation which allows reasoning by cases for multiple levels without setting a limit on the number of levels. 3.3. ω-Approximation Our intention in ω-Approximation is to reason by cases to as many levels as possible. But this number is limited by the structure of the plan. We can only reason by cases through sequences of non-sensing actions. For that reason, given a sequence of actions α = a1 ; . . . ; an , we now define the longest prefix of α consisting of only non-sensing actions or a single sensing action, denoted by pre(α), as follows: • if a1 is a sensing action then pre(α) = a1 ; or • if α does not contain a sensing action then pre(α) = α; or • if aj is the first sensing action in α, 1 < j 6 n, then pre(α) = a1 , . . . , aj −1 . The sequence of actions obtained from α after removing its prefix pre(α) is called the remainder of α and is denoted by rem(α). Given a sequence of non-sensing actions α = a1 , . . . , an , we now define Resω (α, σ ) by considering all complete extensions of σ , applying α to each of them and then determining their intersection. This corresponds to doing case by case reasoning for n levels. More formally, \ Res0 (an , Res0 (an−1 , . . . , Res0 (a1 , σ ′ ))). Resω (α, σ ) = σ ′ ∈Comp(σ ) An action a is ω-executable in σ if a is 0-executable in all complete extensions of σ . And, a sequence of non-sensing actions α is ω-executable in σ if α is 0-executable in all complete extensions of σ . The ω-Approximation of D is defined by a function Φω , called ω-transition function, which maps a pair of a sequence of actions α and an a-state σ into a set of a-states, denoted by Φω (α, σ ), as follows.  {⊥} if pre(α) is not ω-executable in σ ;      {Res (α, σ )} if α does not contain a sensing action and ω     is ω-executable in σ ;  ′ ′ Φω (α, σ ) = {σ | σ extends σ, and σ ′ \ σ = K(a, σ ) \ σ }   if α = a, a is a sensing action,     and a is ω-executable in σ ; and    S ′ Φ (rem(α), σ ′ ), otherwise. σ ∈Φω (pre(α),σ ) ω A sequence of actions α is ω-executable in σ if ⊥∈ / Φω (α, σ ). An ω-model for a domain description D is then defined as the pair (σ0 , Φω ), where σ0 is the initial a-state of D and Φω is an ω-transition function of D. To extend the function Φω over pairs of conditional plans and a-states we need the following observation. Observation 3.1. Every conditional plan c can be represented as a sequence of conditional plans c1 ; . . . ; cn where T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 45 (a) ci is either a sequence of actions or a case plan; and (b) for every i < n, if ci is a sequence of actions then ci+1 is a case plan. From now on, we will often write a conditional plan c as a sequence c = c1 ; . . . ; cn where ci ’s satisfy the conditions (a) and (b) of Observation 3.1. bω , is defined next. The extended transition function of Φω , denoted by Φ For a conditional plan c and an a-state σ , we define bω (c, σ ) = Φω (c1 , σ ); (1) for c = c1 , where c1 is a sequence of actions, Φ (2) for c = Case ϕ 1 → c1 ... ϕ l → cl Endcase,  b bω (c, σ ) = Φω (ci , σ ) Φ {⊥} if ϕi holds in σ , if none of ϕ1 , . . . , ϕl holds in σ ; (3) for c = c1 ; c2; . . . 
; cn , n > 1, (a) if c1 is a sequence of actions, [ bω (c2 ; . . . ; cn , σ ′ ), bω (c, σ ) = Φ Φ (b) if bω (c1 ,σ ) σ ′ ∈Φ c1 = Case ϕ1 → p1 ... ϕm → pm Endcase, S bω (c2 ; . . . ; cn , σ ′ )   σ ′ ∈Φbω (pi ,σ ) Φ bω (c, σ ) = Φ if ϕi holds in σ,   {⊥} if none of ϕ1 , . . . , ϕm holds in σ ; bω (c, ⊥) = {⊥} for every conditional plan c. (4) Φ The notion of ω-entailment is then defined as in Definition 10 using the ω-model. The next example shows that this generalization indeed overcomes the problem of 1Approximation in Example 9, through reasoning by cases for multiple levels. Example 10. Let us consider the domain description D4 from Example 9. Let σ be a complete extension of σ0 . Since σ is complete, either r or ¬r holds in σ . Thus, either p or q holds in Res0 (a, σ ). This implies that eb+ (Res0 (a, σ )) = {f }. Since D4 does not contain an ef-proposition, whose effect is ¬f , we have that Fb− (Res0 (a, σ )) = ∅. Hence, f holds in Res0 (b, Res0 (a, σ )) for every complete a-state σ . Thus f holds in Resω ([a; b], σ0). 46 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 By definition of Φω , we have that f holds in Φω ([a; b], σ0) where σ0 is the initial abω ([a; b], σ0) = Φω ([a; b], σ0). Thus, state of D4 . Since a; b is a sequence of actions, Φ D4 |=ω Knows f after [a; b]. We prove the soundness of |=1 with respect to |=ω in the next proposition. Proposition 5 (Soundness of |=1 with respect to |=ω ). Let D be a domain description, ϕ be a fluent formula, and c be a conditional plan. Then, if D |=1 Knows ϕ after c then D |=ω Knows ϕ after c. Proof. The proof is similar to the proof of Proposition 4. The proof can be found in [51]. ✷ 3.4. Soundness of 0-, 1- and ω-Approximations with respect to AK -semantics In the previous subsections we discussed three different approximations of AK . Our next goal is to show that these approximations are sound with respect to AK . Since we have already shown in Propositions 4 and 5 that |=0 is sound with respect to |=1 and |=1 is sound with respect to |=ω , we will now show that the ω-Approximation is sound with respect to AK . Proposition 6 (Soundness of |=ω with respect to |=AK ). Let D be a domain description, ϕ be a fluent formula, and c be a conditional plan. Then, if D |=ω Knows ϕ after c then D |=AK Knows ϕ after c. Proof. In Appendix C. ✷ Even though ω-Approximation can reason more than the 1-Approximation, it still cannot match the AK semantics. The following example illustrates this. Example 11. Let D5 be the following domain description.   a causes ¬p if r     b determines r      c causes p if r   = D5 initially p    executable a      executable b     executable c We have that σ0 = h{p}, ∅i is the initial a-state of D5 . Let α = [a; b; c]. There are two complete extensions of σ0 : σ1 = h{p}, {r}i and σ2 = h{p, r}, ∅i. This implies that Resω (a, σ0 ) = Res0 (a, σ1 ) ∩ Res0 (a, σ2 ) = h{p}, {r}i ∩ h{r}, {p}i = h∅, ∅i. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 47 Furthermore, Φω (b, h∅, ∅i) = {h{r}, ∅i, h∅, {r}i}, and Φω (c, h{r}, ∅i) = {h{p, r}, ∅i} and Φω (c, h∅, {r}i) = {h∅, {r}i}. Since Φ̂ω (α, σ0 ) = Φω (α, σ0 ) = [ Φω ([b; c], σ ) = Φω ([b; c], h∅, ∅i) σ ∈Φω (a,σ0 ) = [ Φω (c, σ ) = Φω (c, h{r}, ∅i) ∪ Φω (c, h∅, {r}i) σ ∈Φω (b,h∅,∅i) = {h{p, r}, ∅i, h∅, {r}i}, we have that D5 6|=ω Knows p after [a; b; c] and D5 6|=ω Knows ¬p after [a; b; c]. Now, we will show that D5 |=rAK Knows p after [a; b; c]. Let s1 = {p}, s2 = {p, r}, and s3 = {r}. 
D5 has two initial c-states: hs1 , {s1 , s2 }i and hs2 , {s1 , s2 }i. We have that and b b hs1 , {s1 }i) = hs1 , {s1 }i b c], hs1, {s1 , s3 }i) = Φ(c, Φ([a; b; c], hs1, {s1 , s2 }i) = Φ([b; b b hs3 , {s3 }i) = hs2 , {s2 }i. b c], hs3, {s1 , s3 }i) = Φ(c, Φ([a; b; c], hs2, {s1 , s2 }i) = Φ([b; b It is easy to check that p is known to be true in Φ([a; b; c], hs1, {s1 , s2 }i) and r b Φ([a; b; c], hs2, {s1 , s2 }i). Thus D5 |=AK Knows p after [a; b; c]. 3.5. Complexity of progression In this subsection we will compare the complexity of progression in the various approximations. Suppose the number of fluents we have is n, and d is the size of the domain description. Given an a-state hT , F i, such that the size of T ∪ F is m, the complexity of computing Res, Res0 , Res1 , and Resω in the different approximations are as follows: • 0-Approximation: The complexity of computing Res0 (a, σ ) is m × number of efpropositions in the domain description. This is of the order of m × d. • 1-Approximation: Here we need to compute Res1 . This is of the order of 2n−m × m × d. • ω-Approximation: Here we also need to compute Resω . This is also of the order of 2n−m × m × d. It is easy to see that if a sensing action a determines p fluents and σ is a-state where none of these fluents are known, then Φ0 (a, σ ), Φ1 (a, σ ), Φω (a, σ ) will have 2p a-states. From the above analysis, it is clear that progression can be done much faster in the 0Approximation than in the other two. On the other hand there is no significant difference in doing progression between 1-Approximation and ω-Approximation. (A more formal result was recently given in [8], where it was shown that while computing the next state Res0 (a, σ ) is a polynomial time procedure, computing Res1 (a, σ ) is coNP-complete.) 48 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 4. Related research In this section we first discuss the expressiveness and limitations of our formulations in this paper as compared to other formulations in the literature and then do detailed comparisons with works that are closest to ours. 4.1. Expressiveness and limitations of AK Since our main goal in this paper has been to formalize sensing actions, to avoid distractions we have on purpose limited the expressiveness of the rest of the language. For example, we do not allow multi-valued fluents [19], static causal laws [1,35,43], concurrent actions [2,3,37], narratives [5,42], etc. In Section 2.2 we briefly discuss how most of these restrictions can be lifted. Besides these, we also make some additional assumptions that limit the expressiveness of our language. We now briefly discuss these assumptions and why we make them. • We follow the approach in [21] in not having a full first-order language. This allows us to avoid the additional induction axioms described in [47,48]. Although, we do not have full first-order language we do allow variables, and propositions with variables such as: move(X, Y ) causes at(Y ) • • • • Here, the proposition is viewed as a ‘schema’ representing a set of propositions where X and Y are bound. Also, we assume our domain to be finite. I.e, we assume that we have a finite set of actions, and fluents. We assume that there is a single agent who is planning and acting and our interest is in formalizing his knowledge about the world vis-à-vis the real state of the world. Unlike in [49] we make the assumptions of the modal logic S5 and hard code it into our semantics. This allows us to use the simpler c-states instead of using Kripke models. 
Moreover, as we show in Section 2.4, this leads to a smaller state space. A similar approach is followed in most of the chapters in [14]. We assume the sensing actions (i.e., the operation of the sensors) to be perfect. Bacchus, Halpern, and Levesque [7] extend the situation calculus approach in [49] to allow for noisy sensors. In the future, we plan to extend our approach to this case. Also, in the Operations Research literature POMDPs (partially observable Markov decision processes) are used in formulating noisy observations. We plan to formulate sensing actions using POMDPs and compare it with our current formulation. We follow the high-level language doctrine in [34] and the approach in databases and use a limited query language. This allows us to have a simpler formulation. Our query language can be easily extended to allow for knowledge and temporal operators as in [23], but it is not straightforward and nor we favor the generality of allowing quantifiers (as in [47,48]). In most of the paper our interest is in progression and verification of conditional plans. In other words, given the description (possibly partial) of an initial state, a conditional plan and a goal, we would like to verify if the given plan executed in the initial state will take us to the goal. Because of this limited interest, we can use T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 49 the simpler formulation in (1.5) and (1.6) instead of (1.3) and (1.4). When using the simpler formulation we can not add an observation of the form ∃S.Knows(f, S) to find out what S is. This is a limitation only when we use the logical formulation, and not at the semantic level. 4.2. Relationship with Scherl and Levesque’s formulation In Section 2.3 we gave a translation of domain descriptions in D to a first-order theory that used Scherl and Levesque’s [49] successor-state axiom (which is based on Moore’s [41] formulation) and showed the equivalence with respect to queries in the language of AK . Since Scherl and Levesque directly formalize in first-order logic, their formulation is more general than ours; (i) in terms of allowing more general descriptions about the domain such as being able to choose which modal logic to use, and observations about non-initial situations; and (ii) in terms of allowing more general queries. On the other hand our goal in this paper has been to have a simpler formulation, perhaps at the cost of generality. For example, the ‘state’ of the agent’s knowledge in Scherl and Levesque’s formulation (and also in Moore’s formulation) would be a Kripke model. Since planning in a state space where a ‘state’ is a Kripke model is more difficult, we have a simpler notion of a ‘state’ which we call a c-state. (For instance, if we have n fluents 2n then the number of different Kripke models are 22 +n , while the number of different cn states are 22 +n .) As mentioned earlier, our c-state has two components, the real state of the world and the set of possible states that the agent thinks it may be in. Our c-state is actually equivalent to a Kripke model when we consider the logic S5. Thus with a goal to make things simpler we sacrifice generality and make an a-priori decision on which logic of knowledge to use. Also, since we develop a high-level language AK , with an independent semantics—that does not depend on standard logics, it can serve the role of a benchmark for languages with sensing actions, at least for the restricted class of queries in AK . 
Moreover, this highlevel language makes it easier for us to prove the soundness of approximations that have a much less and more manageable state space. By having sound and complete translations of domain descriptions in AK to theories in first-order logic that use Scherl and Levesque’s axioms, our sound approximations are also in a way sound approximations of Scherl and Levesque’s formalism. Finally, we would like to mention that loop-free robot programs of [31] are special cases of our conditional plans. In particular, the statements seq(a, r) and branch(a, r1 , r2 ) of [31] can be recursively translated to conditional plans a; r and a Case f → r1 ¬f → r2 Endcase 50 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 respectively. In this paper we do not allow loops in our conditional plans. But the ideas in [31,38] can be used to extend our conditional plans to allow loops. 4.3. Relationship with Lobo et al.’s semantics Lobo et al. in [38] have a goal similar to ours, in terms of developing a high-level language that allows sensing actions and giving translations of it to theories in a standard logical language. We now list some of the major differences between both approaches: • They represent the state of an agent’s knowledge by a set of states (which they refer to as a situation), and the transition function Φ in their model is defined such that for a sensing action a and a situation Σ, Φ(a, Σ) is a subset of Σ that consists of all states which agree on the fluent values determined by the sensing action a. A drawback of this approach is that domain descriptions have a lot of models. But more importantly, it is possible that when a domain description has two sensing actions a and b that determine the same fluent f , there are models Φ, such that Φ(a, Σ) 6= Φ(b, Σ) for some Σ’s. In other words, while f may be true in all states in Φ(a, Σ), it may be false in all states in Φ(b, Σ). We find such models unintuitive. • The semantics of AK is more general than the semantics of Lobo et al. in the sense that in their formulation the assumption about models being rational is hard wired into the semantics. • On the other hand the high-level language used by Lobo et al. is more general than the one we are using. They allow conditional sensing through preconditions in k-propositions. We do not allow preconditions in k-propositions but we allow executability conditions. • Lobo et al. give translations of their domain descriptions to theories in epistemic logic programs [17]. We have translations to disjunctive logic programs [9,51], which are simpler than epistemic logic programs. We also give translations to first-order theories. • Finally, we consider sound approximations of our language. In the later part of this section we show our semantics to be equivalent (sometimes) to theirs. Thus our approximations are also sound approximations of their formulation. We now give a quick overview of the formulation in [38], restricted to the common syntax of AK and their language. We then show that our rational semantics is equivalent to the semantics in [38] for this restricted case. The semantics of [38] is defined through transition functions that map pairs of actions and situations into situations where a situation is a set of states. A situation is consistent if it is not empty. Given a domain description D, the situation consisting of all the initial states of D, denoted by Σ0 , is called the initial situation of D. A fluent f is said to be true in a situation Σ if f ∈ s for every s ∈ Σ. 
A fluent formula ϕ is said to be true in a situation Σ if ϕ is true in every state s belonging to Σ. We will need the following definition. Definition 12. Let Σ be a consistent situation and f a fluent. A consistent situation Σ ′ is “f -compatible” with Σ iff / σ }; or (1) Σ ′ = {σ ∈ Σ | f ∈ (2) Σ ′ = {σ ∈ Σ | f ∈ σ } T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 51 For a domain description D, a function Φ from pairs of actions and situations into situations is called an interpretation of D. Definition 13. An interpretation Φ of a domain description D is a model of D if and only if (1) for any consistent situation Σ (a) for any non-sensing action a, [ {Res(a, s)}; Φ(a, Σ) = s∈Σ (b) for each sensing action a, let a determines f1 ... a determines fn be the k-propositions in which a occurs. Then, • Φ(a, Σ) must be a consistent situation; and • Φ(a, Σ) = Σ1 ∩ Σ2 ∩ · · · ∩ Σn where Σi is a fi -compatible situation with Σ for i = 1, . . . , n (2) for any action a, Φ(a, ∅) = ∅. Lobo et al. extend the function Φ to a plan evaluation function ΓΦ (c, Σ) which allows conditional plans. The definition of ΓΦ (c, Σ) given in [38] is very similar to the definition b and we omit it here for brevity. In the following example, we show the difference of Φ between our models and the models of Lobo et al. Example 12. Let us consider the domain description D1 from Example 1. The states of D1 are: s1 = ∅, s5 = {disarmed}, s2 = {locked}, s3 = {exploded}, s6 = {disarmed, exploded}, s7 = {disarmed, locked}, s4 = {locked, exploded}, s8 = {disarmed, locked, exploded}. The initial situation of D1 is Σ0 = {s1 , s2 }. There are two locked-compatible situations with Σ0 : Σ1 = {s1 } and Σ2 = {s2 }. Thus, if Φ is a model of D1 , then either Φ(look, Σ0 ) = {s1 } or Φ(look, Σ0 ) = {s2 }, i.e., in the approach of Lobo et al. there are (at least) two different models which differ from each other by the transition functions. On the other hand, in our approach we have two rational models which differ only by the initial c-states. The entailment relation with respect to Lobo et al.’s semantics is defined next. Definition 14. D |=LTM Knows ϕ after c iff for every model Φ of D, ϕ is true in ΓΦ (c, Σ). 52 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 The following proposition relates Lobo et al.’s semantics with ours. Proposition 7 (Equivalence between |=rAK and |=LTM ). Let D be a domain description, ϕ be a fluent formula in D, and c be a conditional plan in D. Then, D |=rAK Knows ϕ after c iff D |=LTM Knows ϕ after c. Proof. In [9,51]. ✷ 4.4. Past research on planning with sensing In the past several planners have been developed that can plan (to some extent) in presence of incompleteness, and some of these planners use sensing actions. In this section we briefly describe a few of these planners, the semantics they use and compare it with our semantics. 4.4.1. Golden and Weld’s work Golden, Weld and their colleagues in [11,22,23] have developed planning languages and planners that can plan in presence of incompleteness, use sensing actions, and plan for ‘knowledge’ goals. Two of these languages are UWL [11] and SADL [23]. We now list some of their main contributions and compare their formulation with that of ours. • As evident from the title ‘Representing sensing actions—the middle ground revisited’ of [23], their goal is to develop a middle ground in formulating sensing actions. 
After reading Golden’s thesis [22] and communicating with him it seems that their formulation is close to our 0-Approximation, and like 0-Approximation it does not do the case-by-case reasoning necessary to make the desired conclusion in D3 of Example 7. But, while they do not have a soundness result, they have implemented and incorporated their planner into Softbot agents. • One of their main contributions is their notion of LCW (local closed world) and reasoning with (making inferences and updates) LCW. We do not have a similar notion in this paper. • They introduce a minimal but extremely useful set of knowledge-temporal goal. In UWL, they have the annotations ‘satisfy’, ‘hands-off’ and ‘findout’ and in SADL, they have ‘satisfy’, ‘hands-off’ and ‘initially’. Intuitively, the annotation satisfy(p) means to reach a state where p is true and the agent knows that p is true; the annotation hands-off (p) means that during the execution of the plan, the truth value of p does not change; and the annotation initially(p) is used to specify the goal of sensing the truth value of p at the time the goal is given, the idea being that after the agent has finished executing his plan, he will know the truth value of p when he started. They also formulate regression with respect to goals formulated using such annotations. We have one small reservation about their annotation ‘initially’. In [22], Golden says that initially(p) is not achievable by an action that changes the fluent p since such an action only obscures the initial value p. However, changing p after determining its initial value is fine. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 53 We think the above condition is restrictive because sometimes we can determine the initial value of p, even though we change its value. Consider the case where we do not know the value of p, and we have an action a and an action senseg whose effects can be described as follows: a causes g if p a causes ¬g if ¬p a causes p if ¬p a causes ¬p if p senseg determines g Now, even though the action a changes the value of p, we can find the initial value of p by executing the plan a; senseg . We believe these annotations are an important contribution, and additional research is necessary in developing a general knowledge-temporal language for representing more expressive queries over trajectories of c-states. For example, we may want to maintain knows-whether(p), i.e., during the execution of the plan, we do not want to be in a state where we do not know the value of p. This is different from hands-off (p), where we are not allowed to change the value of p, but we don’t have to know the value of p all through the trajectory. • An important difference between their approach and ours is that their focus is on combining planning with execution, while our focus is more close to the classical planning paradigm where we would like to generate a complete plan (possibly with conditional statements and sensing actions) before starting execution. This difference in our focus shows up in the difference in our characterization of sensing actions. 4.4.2. Goldman and Boddy’s work In their KR-94 paper [15], Goldman and Boddy use a single model of the world representing the planners state of the knowledge. They then first consider actions with executability conditions (but no conditional effects) and with explicit effects that may make fluents unknown. 
They define progression (the knowledge state reached after executing an action), and regression with respect to such actions. Next they extend their action definition to include conditional actions which have a set of mutually exclusive and exhaustive possible outcomes (i.e., exactly one of the outcomes will be the result of the action). They suggest that such conditional actions can be used to describe observation operators by requiring that if such an action is supposed to observe the fluent f , then unknown(f ) must be in the executability condition of that action. They argue about the difficulty of adding conditional effects to their model, which does not have representations of both the state of the world and the planner’s state of knowledge. The following points compare and contrast their approach to that of ours: • Since they use a single model to represent both the world and the planners knowledge about the world, their formulation is perhaps similar to our approximations, where we also have a single model. But, their formulation has not been shown to be sound with respect a full formulation. 54 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 • Their formulation of sensing actions (or observation operators as they call it) can wrongly consider the tossing of a coin action to be a sensing action if the state of the coin (whether ‘heads’ or ‘tails’) is unknown before the coin was tossed. Because of this we do not believe that their formulation (restricted to a common subset with our language) will be sound with respect to our formulation. • They allow actions—even in the absence of conditional effects—to explicitly make fluents unknown. We do not have such actions, but because of conditional effects, our actions can also make fluents unknown. In a later paper [16], they extend classical planning to allow conditional plans, contextdependent actions, and non-deterministic outcomes and argue the necessity of separately modeling the planner’s information state and the world state. They use propositional dynamic logic to express conditional plans, and reason about information-gathering (sensing) and the agent’s information state. We like their idea of using propositional dynamic logic and results about it and appreciate their goal to explore a middle ground between having a full formulation of sensing actions, and not allowing incompleteness at all. That coincides with our motivation for exploring approximation. But, after carefully reading the paper several times, we believe that more details about their formulation are necessary to fairly and more comprehensively compare their approach to ours. 4.5. Regression Our focus in this paper so far has been on progression and plan verification. Considering the recent success of model-based planning using propositional satisfiability [27,29,30] our formulation is geared towards such an approach. Nevertheless, we would like to briefly comment on the notion of regression and its role in conditional planning with sensing actions. Regression with respect to simple actions has been studied in [45,48]. Scherl and Levsque [49] study regression with respect to sensing actions. The intuition behind regression of a formula ϕ with respect to an action a, is to find a formula ψ such that ψ holds in a situation s if and only if ϕ will hold in the situation do(a, s). Regression can be used to verify the correctness of a plan by regressing the goal to the initial situation and verifying if the regressed formula holds in the initial situation. 
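As a small worked illustration of such verification (our own example, anticipating the rules and Proposition 8 given below), consider again the domain D3 of Example 7, whose only ef-propositions are "a causes f if g" and "a causes f if ¬g". By rule (1) below, Regression(f, a) = (g ∨ ¬g) ∨ f (since a has no ef-proposition with effect ¬f, the second disjunct reduces to f), which is a tautology. By rule (2), Regression(Knows(f), a) = Knows((g ∨ ¬g) ∨ f), which holds in every c-state, in particular in every grounded initial c-state of D3. Since a is always executable, Proposition 8 then tells us that the one-step plan a achieves Knows f, the conclusion drawn by the rational AK semantics in Example 7 but missed by the 0-Approximation.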
Regression can also be used in the least commitment approach to planning [6,55]. We now present the regression rules for regressing knowledge formulas with respect to conditional plans. The first four rules are adapted from [49] and further simplified. The simplification is due to the use of the S5 modal logic, where only one level of knowledge is sufficient. The regression over conditional plans is our original contribution.
(1) For a fluent f and an action a with the ef-propositions a causes f if ρ1, . . . , a causes f if ρn, a causes ¬f if ρ′1, . . . , a causes ¬f if ρ′m,
Regression(f, a) = (ρ1 ∨ · · · ∨ ρn) ∨ (f ∧ ¬ρ′1 ∧ · · · ∧ ¬ρ′m).
(2) For a fluent formula ϕ and a non-sensing action a,
Regression(Knows(ϕ), a) = Knows(Regression(ϕ, a)).
(3) For a fluent f and a sensing action a which senses the fluents f1, . . . , fn, let I(a, f1, . . . , fn) be the set of conjunctions of literals representing the interpretations of the set {f1, . . . , fn}. 7 Let ϕ be a fluent formula. Then,
Regression(Knows(ϕ), a) = ⋀ over γ ∈ I(a, f1, . . . , fn) of (γ → Knows(γ → ϕ)).
(4) Regression over c-formulas 8
• Regression(ϕ1 ∧ ϕ2, a) = Regression(ϕ1, a) ∧ Regression(ϕ2, a);
• Regression(ϕ1 ∨ ϕ2, a) = Regression(ϕ1, a) ∨ Regression(ϕ2, a);
• Regression(¬ϕ, a) = ¬Regression(ϕ, a).
(5) Regression over conditional plans and c-formulas. (In the equations below, the ϕ’s are c-formulas, and the ϕi’s are fluent formulas.)
• Regression(ϕ, []) = ϕ;
• Regression(ϕ, α; a) = Regression(Regression(ϕ, a), α), where α is a sequence of actions;
• Regression(ϕ, Case ϕ1 → p1, . . . , ϕn → pn Endcase) = ⋁ over i = 1, . . . , n of (Knows(ϕi) ∧ Regression(ϕ, pi));
• Regression(ϕ, c1; c2; . . . ; cn) = Regression(Regression(ϕ, cn), c1; . . . ; cn−1), where the ci’s are conditional plans satisfying the conditions of Observation 3.1.
The next proposition proves the soundness and completeness of the regression formula.
Proposition 8. Given a domain description D, let ϕ be a c-formula, σ1, . . . , σn be the set of grounded initial c-states of D, and c be a conditional plan that is executable in all the grounded initial c-states of D. Then,
∀i, 1 ≤ i ≤ n, σi |= Regression(ϕ, c) iff ∀j, 1 ≤ j ≤ n, Φ̂(c, σj) |= ϕ.
Proof. In Appendix D. ✷

5. Conclusion and future work

In this paper we presented a high-level action description language that takes sensing actions into account and distinguishes between the state of the world and the state of the agent’s knowledge about the world. We gave a sound and complete translation of domain descriptions in our language to theories in first-order logic and have similar translations [9,51] to disjunctive logic programming. We compared our formulation with others and analyzed the state space of our formulation and that of the others. We then gave sound approximations of our formulation with a much smaller state space. We believe the approximations in this paper will be very important in developing practical planners.

7 For example, if a senses f and g then I(a, f, g) = {¬f ∧ ¬g, ¬f ∧ g, f ∧ ¬g, f ∧ g}.
8 A knowledge formula (k-formula) is a formula of the form Knows(ϕ), where ϕ is a fluent formula; we say Knows(ϕ) holds in a c-state σ = ⟨s, Σ⟩ if ϕ holds in all states of Σ. A combined formula (c-formula) is a formula constructed from fluent formulas and k-formulas using the propositional connectives; when a c-formula holds in a c-state is defined in the straightforward way.
56 T.C. Son, C.
Baral / Artificial Intelligence 125 (2001) 19–91 Some of our future plans are: • We would like to analyze existing planners 9 that construct conditional plans and use sensing actions and develop more efficient planners based on the approximations described in this paper. We have made a head start in this direction by implementing a simple generate and test planner in Prolog. • We would like to further explore the notions of 1-Approximation and ω-Approximation. • We would like to follow satisfiability planning [27,29,30] and SMODELS based planning [10,12,13] by adapting our classical logic and logic programming formulations to plan with sensing actions. • We would like to adapt our formulation of sensing to other action description languages—particularly the action description language for narratives [4,5]—to develop notions of diagnosis and diagnostic and repair planning with respect to a narrative. Intuitively, the latter means to develop a plan—possibly with sensing actions—that leads to a unique diagnosis of a system. Acknowledgement We would like to thank the anonymous reviewer for his/her valuable comments that help us to improve the paper in many ways. This work was carried out while the first author was a doctoral student at the University of Texas at El Paso. Appendix A Proposition A.1. For every sequence of actions α of D1 , D1 6|=rAK Knows disarmed ∧ ¬exploded after α. Proof. Let s1 = ∅ and s2 = {locked}. The two initial c-states of D1 are σ1 = hs1 , {s1 , s2 }i and σ2 = hs2 , {s1 , s2 }i. Let α be an arbitrary sequence of actions of D1 and β be its longest prefix which does not contain the action disarm. Since no action in β changes the value of the fluent exploded, we can conclude that β is executable in σ1 and σ2 . Let b σ2 ) = hs2β , Σ2β i. We first prove by induction over the b σ1 ) = hs1β , Σ1β i and Φ(β, Φ(β, length of β, denoted by |β|, the following: {s1 , s2 } = {s1β , s2β }, s1β ∈ Σ1β and s2β ∈ Σ2β . (A.1) b we have that Φ(β, b σ1 ) = σ1 and Base case: |β| = 0, i.e., β = []. By definition of Φ, b Φ(β, σ2 ) = σ2 . Thus (A.1) holds. Inductive step: Assume that we have proved (A.1) for |β| < n. We need to prove (A.1) for |β| = n. Let β = β ′ ; a. Since a 6= disarm, a is either turn or look. If a = turn, we have 9 From the following quote in [23]: “In UWL (and in SADL) individual literals have truth values expressed in three valued logic: T, F, U (unknown)”. it seems that they are using an approximation. We would like to analyze this planner to figure out what kind of approximation they are using and if it is sound with respect to one of the formulations discussed in this paper. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 57 that {s1β , s2β } = {Res(a, s1β ′ ), Res(a, s2β ′ )} = {Res(a, s1 ), Res(a, s2 )} = {s1 , s2 }. And, if a = look, we have that {s1β , s2β } = {s1β ′ , s2β ′ } = {s1 , s2 }. Furthermore, by definition of Φ, from s1β ′ ∈ Σ1β ′ we can conclude that Res(a, s1β ′ ) = s1β ∈ Σ1β . Similarly, we have s2β ∈ Σ2β . The inductive hypothesis is proven. We now use (A.1) to prove the proposition. Recall that D1 has two models (σ1 , Φ) and (σ2 , Φ). From the construction of β, there are three cases: (1) β = α, (2) β; disarm = α, and (3) β; disarm is a proper prefix of α. Case 1: β = α. Since disarmed is not true in s1 and s2 , disarmed is not known to be true b σ2 ). Thus, by definition 6, D1 6|=r Knows disarmed after α; b σ1 ) and Φ(β, in Φ(β, AK Case 2: β; disarm = α. 
It follows from (A.1) that Res(disarm, s1 ) = s3 belongs to b disarm, σ1 ) = hs1α , Σ1α i and Φ(β; b disarm, σ2 ) = hs2α , Σ2α i. Σ1α or Σ2α where Φ(β; Since ¬exploded does not holds in s3 , we conclude that ¬exploded is not known b disarm, σ2 ). Again, by Definition 6, D1 6|=r b disarm, σ1 ) or Φ(β; to be true in Φ(β; AK Knows ¬exploded after α. Case 3: β; disarm is a proper prefix of α. Since s1 ∈ {s1β , s2β }, either s1β = s1 or s2β = s1 . Since Res(disarm, s1 ) = s3 and none of the actions of D1 is executable in s3 we b σ2 ) =⊥. This means that α is not executable in all b σ1 ) =⊥ or Φ(α, can conclude that Φ(α, c-initial states of D1 . By Definition 6, D1 6|=rAK Knows disarmed ∧ ¬exploded after α The above three cases show that D1 6|=rAK Knows disarmed ∧ ¬exploded after α. This proves the proposition. ✷ Appendix B. Soundness and completeness of the translation D to R(D) We now prove the Propositions 2 and 3. Recall that we assume that D is a domain description with m v-propositions initially G1 , . . . , initially Gm and n sensing actions K1 , . . . , Kn with the k-propositions K1 determines F1 , . . . , Kn determines Fn . And, we also assume that for each action A, D contains at least one executability condition whose action is A and each sensing action occurs only in one k-proposition. In the following, we write σ.1 and σ.2 to denote the first and second component of a c-state σ , respectively. In other words, if σ = hs, Σi, then σ.1 and σ.2 denote s and Σ respectively. For a state s and an action sequence α = [a1 ; . . . ; ak ], where [] denotes the empty sequence of actions, if α is executable in s then Res(α, s) denotes the state Res(ak , Res(ak−1 , . . . , Res(a1 , s))); otherwise, Res(α, s) = ⊥ (or undefined). A situation interpretation in D is defined by a sequence of actions α followed by a state s, such that α is executable in s, and is denoted by [α]s. For an interpretation I of the theory R(D), we write I [[p]] to denote the set of tuples belonging to the extent of the predicate p in I . I [[f ]](E x ) denotes the object which function f maps xE into in I . When f is a 0-ary function symbol, we simplify I [[f ]]() to I [[f ]]. Definition B.1. Let D be a domain description and M = (σ0 , Φ) be a model of D. The M-interpretation of R(D), denoted by MR , is defined as follows. 58 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 The universes of MR : (U.1) The universe of actions, denoted by |MR |action , is the set of actions A of D, i.e., |MR |action = A. (U.2) The universe of fluents, denoted by |MR |fluent , is the set of fluents F of D, i.e., |MR |fluent = F . (U.3) The universe of situations, denoted by |MR |situation, is defined by the set of situation interpretations, i.e., |MR |situation = {[α]s | s ⊆ F , α is an action sequence executable in s} ∪ {⊥} where ⊥ denotes the “impossible” situation. The interpretations of MR : (I.1) Fluent constants and action constants are interpreted as themselves. (I.2) Each situation S is interpreted as a situation interpretation. In particular, MR [[S0 ]] = []σ0 .1. (I.3) The interpretation of the predicate Holds is defined by hF, [α]Si ∈ MR [[Holds]] iff Res(α, S) is defined and F holds in Res(α, S). 
(I.4) The interpretation of the predicate K is defined inductively as follows: • h[]S ′ , []Si ∈ MR [[K]] if S = σ0 .1 and S ′ ∈ σ0 .2; and • h[α; A]S ′ , [α; A]Si ∈ MR [[K]] if the following conditions are satisfied – h[α]S ′ , [α]Si ∈ MR [[K]]; – A is executable in Res(α, S) and Res(α, S ′ ); and – either A is a non-sensing action or A is a sensing action that senses the fluent F and Res(α, S) and Res(α, S ′ ) agree on F . / MR [[K]] otherwise. • h[α ′ ]S ′ , [α]Si ∈ (I.5) The interpretation of the function do is defined by MR [[do]](A, [α]S) = [α; A]S if A is executable in Res(α, S); otherwise MR [[do]](A, [α]S) = ⊥. The interpretation MR is then extended to the predicates introduced in Section 2.3 such as γF+ , γF− , Poss, etc. For example, for a situation interpretation [α]S, • hϕ, [α]Si ∈ MR [[Holds]] iff ϕ holds in Res(α, S); or • hA, [α]Si ∈ MR [[γF+ ]] iff there exists an ef-proposition “A causes F if ρ” ∈ D such that hρ, [α]Si ∈ MR [[Holds]]; or • hA, [α]Si ∈ MR [[Poss]] iff there exists an ex-proposition “executable A if ρ” ∈ D such that hρ, [α]Si ∈ MR [[Holds]]; • etc. We next prove some lemmas about the relationship between a model M of D and the Minterpretation MR which will be used in proving the Propositions 2 and 3. For convenience, for a formula ϕ in the language of R(D), if ϕ is true in MR we write MR |= ϕ. Lemma B.1. For each model M = (σ0 , Φ) of a domain description D, a fluent F , an action A, and a situation interpretation [α]S + (Res(α, S)); and (i) hA, [α]Si ∈ MR [[γF+ ]] iff F ∈ EA − − (ii) hA, [α]Si ∈ MR [[γF ]] iff F ∈ EA (Res(α, S)). Proof. [α]S is a situation interpretation implies that α is executable in S. Therefore, Res(α, S) is defined. We have that 59 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 hA, [α]Si ∈ MR [[γF+ ]] iff there exists an ef-proposition “A causes F if ̺” ∈ D (Definition of γF+ ) such that h̺, [α]Si ∈ MR [[Holds]] iff there exists an ef-proposition “A causes F if ̺” ∈ D such that ̺ holds in Res(α, S) (by item (I.3) of Definition B.1) + (Res(α, S)). iff F ∈ EA Thus (i) is proved. Similarly, we can prove (ii). ✷ Lemma B.2. For each model M = (σ0 , Φ) of a domain description D, an action A, and a situation interpretation [α]S, (i) hA, [α]Si ∈ MR [[Poss]] iff A is executable in Res(α, S); and (ii) if hA, [α]Si ∈ MR [[Poss]] then MR [[do]](A, [α]S) = [α; A]S. Proof. Again, since [α]S is a situation interpretation, we have that α is executable in S. Thus Res(α, S) is defined. From the definition of Poss, we have that hA, [α]Si ∈ MR [[Poss]] iff there exists an ex-proposition “executable A if ρ” ∈ D such that hρ, [α]Si ∈ MR [[Holds]] iff there exists an ex-proposition “executable A if ρ” ∈ D such that ρ holds in Res(α, S) (by item (I.3) of Definition B.1) iff A is executable in Res(α, S). (1) The second item follows immediately from (1) and item (I.5) of Definition B.1. ✷ Lemma B.3. For each model M = (σ0 , Φ) of a domain description D, MR satisfies axiom (2.8). Proof. Consider an action A, a situation S, and a positive fluent literal F . Let MR [[S]] = / MR [[Poss]]. Thus we need to prove that [α]S. The axiom (2.8) is true in MR if hA, [α]Si ∈ it is also true in MR when hA, [α]Si ∈ MR [[Poss]]. From hA, [α]Si ∈ MR [[Poss]] and Lemma B.2, we have that A is executable in Res(α, S). Hence, by (I.5) of Definition B.1, MR [[do]](A, [α]S) = [α; A]S. 
(1) We have that MR |= Holds(F, do(A, S)) iff hF, MR [[do]](A, [α]S)i ∈ MR [[Holds]] because MR [[do]](A, [α]S) = [α; A]S, by (1) iff hF, [α; A]Si ∈ MR [[Holds]] iff F holds in Res([α; A], S) (by item (I.3) of Definition B.1) iff F ∈ Res(A, Res(α, S)) + (Res(α, S)) iff F ∈ EA 60 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 − or F ∈ Res(α, S) ∧ F ∈ / EA (Res(α, S)) (by definition of Res) + (by Lemma B.1) iff hA, [α]Si ∈ MR [[γF ]] / MR [[γF− ]]) (by Lemma B.1 and (I.3) or (hF, [α]Si ∈ MR [[Holds]] ∧ hA, [α]Si ∈ of Definition B.1) iff MR |= γF+ (A, S) ∨ (Holds(F, S) ∧ ¬γF− (A, S)) (2) Similarly, we can prove (2) for negative fluent literal. Thus MR satisfies (2.8). ✷ Lemma B.4. For each model M = (σ0 , Φ) of a domain description D, MR satisfies the axioms (2.10)–(2.12). Proof. Consider a situation S1 such that MR |= K(S1 , S0 ). This means that hMR [[S1 ]], MR [[S0 ]]i ∈ MR [[K]]. Hence, by item (I.4) of Definition B.1 and from the fact that MR [[S0 ]] = []σ0 .1, we can conclude that MR [[S1 ]] = []S for some S ∈ σ0 .2. Since M is a model of D, S is an initial state of D. Therefore, Gi holds in S for every i = 1,V . . . , m. Because [] is executable in S, by V item (I.3) of Definition B.1, we m G , []Si ∈ M [[Holds]], i.e., M |= conclude that h m R R i=1 i i=1 Holds(Gi , S1 ). Since this holds for every S1 such that MR |= K(S1 , S0 ), we can conclude that MR satisfies (2.11). (1) Since M is a model of D, we have that σ0 .1 ∈ σ0 .2. Thus, by item (I.4) of Definition B.1, we have that MR |= K(S0 , S0 ). Hence, MR satisfies (2.12). (2) Since σ0 .1 is also an initial state of D, from (1) and (2), we can conclude that MR satisfies (2.10). (3) The lemma follows from (1)–(3). ✷ Lemma B.5. For each model M = (σ0 , Φ) of a domain description D, MR satisfies axiom (2.9). Proof. Consider an action A and a situation S. Let MR [[S]] = [α]S. Similar to Lemma B.3, it suffices to prove that MR satisfies axiom (2.9) when hA, [α]Si ∈ MR [[Poss]]. By Lemma B.2, this implies that Res(α, S) is defined, A is executable in Res(α, S), and MR [[do]](A, [α]S) = [α; A]S. (1) There are two cases: Case 1: MR |= K(S2 , do(A, S)) for some situation S2 . Let MR [[S2 ]] = [α2 ]S2 . We will prove that the following formula is also true in MR : " ∃s1 . (K(s1 , S) ∧ Poss(A, s1 ) ∧ S2 = do(A, s1 )) ∧ n ^ i=1 ! A 6= Ki ∨ n _ i=1 (A = Ki ∧ Holds(Fi , s1 )) ≡ Holds(Fi , S) !# . (B.2) T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 61 MR |= K(S2 , do(A, S)) implies that h[α2 ]S2 , MR [[do]](A, [α]S)i ∈ MR [[K]], and hence, h[α2 ]S2 , [α; A]Si ∈ MR [[K]]. By item (I.4) of Definition B.1 we have that α2 = α; A, and h[α]S2 , [α]Si ∈ MR [[K]]; A is executable in Res(α, S2 ) and Res(α, S); (2) (3) A is a non-sensing action or if A is sensing action, say Ki , then Res(α, S2 ) and Res(α, S) agree on Fi ; (4) Let S1 be a situation such that MR [[S1 ]] = [α]S2 . It follows from (3) and Lemma B.2 that hA, [α]S2 i ∈ MR [[Poss]]. Furthermore, from (3) and (4), we can conclude that ! ! n n _ ^ A 6= Ki ∨ (A = Ki ∧ Holds(Fi , S2 )) ≡ Holds(Fi , S) . MR |= i=1 i=1 Together with (2), we have that S1 satisfies (B.2). Case 2: Assume that the formula (B.2) is true for some S1 with MR [[S1 ]] = [α1 ]S1 . We want to show that MR |= K(S2 , do(A, S)) (B.6) where S2 = do(A, S1 ). Similar to the above case, from MR |= K(S1 , S) and hA, [α1 ]S1 i ∈ MR [[Poss]], we can conclude that α1 = α, and A is executable in Res(α, S1 ). Thus, MR [[do]](A, [α]S1 ) = [α; A]S1 . It follows from (B.2) that MR |= (( Holds(Fi , S)). 
This implies that (5) Vn i=1 A 6= Ki ) ∨ Wn i=1 (A either A is a non-sensing action or A is a sensing action, say Ki , and Res(α, S1 ) and Res(α, S) agree on Fi . = Ki ∧ Holds(Fi , S1 ) ≡ (6) It follows from (1) and (5)–(6) and (I.4) of Definition B.1 that h[α; A]S1 , [α; A]Si ∈ MR [[K]]. This, together with (1) and (5), implies that hMR [[do]](A, [α]S1 ), MR [[do]](A, [α]S)i ∈ MR [[K]] which proves that (B.6) is true in MR . It follows from the above two cases that MR satisfies (2.9). ✷ Lemma B.6. For each model M = (σ0 , Φ) of a domain description D, the M-interpretation of R(D), MR , is a model of R(D). Proof. It follows from Lemmas B.3–B.5 that MR satisfies the axioms (2.8)–(2.12). It is easy to see that the closure assumptions and unique name assumptions for fluents and actions are satisfied by MR too. Thus, MR is a model of R(D). ✷ Lemma B.7. For each situation interpretation [α]S, the following statements are equivalent: (i) h[α]S, [α]σ0 .1i ∈ MR [[K]]; and b , σ0 ).2 for every prefix γ of α. (ii) α is executable in S and σ0 .1, and Res(γ , S) ∈ Φ(γ Proof. Induction over |α|. 62 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Base case: |α| = 0, i.e., α = []. By item (I.4) of Definition B.1, h[]S, []σ0 .1i ∈ MR [[K]] b σ0 ).2. Together with the fact that [] is executable in S and σ0 .1, we iff S ∈ σ0 .2 = Φ(α, conclude the base case. Inductive step: Assume that we have proved the lemma for |α| < k. We need to show it for |α| = k. Let α = [β; A]. Then, |β| < k. We consider two cases: (i) ⇒ (ii) From item (I.4) of Definition B.1 and (i) for α = [β; A], we have that h[β]S, [β]σ0 .1i ∈ MR [[K]]; (1) A is executable in Res(β, S) and Res(β, σ0 .1); and (2) if A senses Fj then Res(β, S) and Res(β, σ0 .1) agree on Fj . (3) By inductive hypothesis, from (1), we conclude that b , σ0 ).2 for every prefix γ of β. β is executable in S and σ0 .1, and Res(γ , S) ∈ Φ(γ From (2) and the fact that β is executable in S and σ0 .1, we have that [β; A] is executable in S and σ0 .1. b σ0 ).2, we conclude that From (3) and the fact that Res(β, S) ∈ Φ(β, (4) (5) b Res([β; A], S) ∈ Φ([β; A], σ0).2. (6) h[β]S, [β]σ0 .1i ∈ MR [[K]]. (7) The inductive step for this direction follows from (4)–(6). (ii) ⇒ (i) α is executable in S and σ0 .1 implies that β is executable in S and σ0 .1. Furthermore, every prefix of β is a prefix of α. Hence, by inductive hypothesis, we have that α is executable in S and σ0 .1 also implies that A is executable in Res(β, S) and Res(β, σ0 .1). b b σ0 ).2 and Res([β; A], S) ∈ Φ([β; A], σ0).2 implies that Res(β, S) ∈ Φ(β, if A is a sensing action, say Ki , then Res(β, S) and Res(β, σ0 .1) must agree on Fi . (8) (9) It follows from (7)–(9) and item (I.4) of Definition B.1 that h[β; A]s, [β; A]σ0.1i ∈ MR [[K]]. This concludes the inductive step for this direction. The inductive step is proved. Hence, by mathematical induction, we conclude the lemma. ✷ Lemma B.8. For every state S and action sequence α, α is executable in S iff hα, []Si ∈ MR [[Poss]]. Proof. By induction over |α|. Base case: α = []. The lemma is trivial because [] is executable in every state S and h[], []Si ∈ MR [[Poss]] for every state S. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 63 Inductive step: Assume that we have proved the lemma for |α| < k. We need to show it for |α| = k. Let α = [β; A]. 
We have that |β| < k and β; A is executable in S iff β is executable in S and A is executable in Res(β, S) (by inductive hypothesis) iff hβ, []Si ∈ MR [[Poss]] (by Lemma B.2) and hA, MR [[do]](β, []S)i ∈ MR [[Poss]] ✷ iff h[β; A], []Si ∈ MR [[Poss]]. Lemma B.9. Let D be a domain description and M = (σ0 , Φ) be a model of D. Then, there exists a model MR of R(D) such that for any fluent formula ϕ and sequence b σ0 ) iff of actions α of D, α is executable in σ0 and ϕ is known to be true in Φ(α, MR |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). Proof. Let MR be the M-interpretation of R(D). By Lemma B.6 we have that MR is a model of R(D). We will prove that MR satisfies the conclusion of the lemma. We have that α is executable in σ0 iff α is executable in σ0 .1 iff hα, []σ0 .1i ∈ MR [[Poss]] iff MR |= Poss(α, S0 ). (by Lemma B.8) (1) b σ0 ) ϕ is known to be true in Φ(α, b σ0 ).2, ϕ holds in S (by definition) iff for every S ∈ Φ(α, iff for every S ∈ σ0 .2 such that b , σ0 ).2 α is executable in S and Res(γ , S) ∈ Φ(γ for every prefix γ of α, ϕ holds in Res(α, S) (by Lemma B.7) iff for every [α]S such that h[α]S, [α]σ0 .1i ∈ MR [[K]] (by item (I.3) of Definition B.1) and hϕ, [α]Si ∈ MR [[Holds]] (by definition of Knows) (2) iff MR |= Knows(ϕ, do(α, S0 )) The lemma follows from (1) and (2). ✷ We now prove the counterpart of Lemma B.9. Let D be a domain description and MR be a model of R(D). Since R(D) contains the DCA and UNA axioms for actions and fluents we can assume that the domains of actions and fluents are A and F respectively, i.e., |MR |action = A and |MR |fluent = F . In what follows, whenever we say a situation S we mean a ground situation term. We define Definition B.2. Let D be a domain description and MR be a model of R(D). For each ground situation term s in MR , let s∗ = {F | Holds(F, s) is true in MR , F is a positive fluent literal}. 10 The MR -initial c-state of D, denoted by σ0∗ , is defined as follows. (M.1) σ0∗ .1 = S∗0 ; (M.2) σ0∗ .2 = {s∗ | K(s, S0 ) is true in MR }. 10 Recall that Holds(¬F, s) stands for ¬Holds(F, s). 64 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 We call M = (σ0∗ , Φ), where σ0∗ is the MR -initial c-state and Φ is the transition function of D (defined in Definition 2), the MR -based model of D. Lemma B.10. For a domain description D and a model MR of R(D), the MR -based model of D. is a model of D. Proof. Consider an arbitrary v-proposition “initially Gi ” of D. There are two cases: • Gi is a positive literal. Since MR is a model of R(D), from (2.10) we have that Holds(Gi , S0 ) is true in MR . By (M.1) of Definition B.2, we have that Gi ∈ σ0∗ .1, i.e., Gi holds in σ0∗ .1. (1) • Gi is a negative literal, say Gi = ¬G. Again, since MR is a model of R(D), from (2.10) we have that Holds(¬G, S0 ) is true in MR , or Holds(G, S0 ) is false in MR . Thus, by (M.1) of Definition B.2, we have that G∈ / σ0∗ .1, i.e., Gi holds in σ0∗ .1. (2) It follows from (1) and (2) that σ0∗ .1 is an initial state of D. (3) Consider S ∈ σ0∗ .2. By (M.2) of Definition B.2, we concludeVthat there exists S such that = S∗ and K(S, S0 ) is true in MR . Hence, by axiom (2.11), m i=1 Holds(Gi , S) is true in S MR . Similar to (1) and (2) we can prove that S is an initial state of D. (4) From (3) and (4) we have that σ0∗ is an initial c-state. Furthermore, axiom (2.12) and (M.2) of Definition B.2 indicate that σ0∗ .1 ∈ σ0∗ .2, i.e., σ0∗ is a grounded initial c-state. Since Φ is the transition function of D and σ0∗ is an initial ground c-state, M = (σ0∗ , Φ) is a model of D. 
✷ The next corollary follows immediately from Definition B.2. Corollary B.1. For each model MR of R(D), a fluent formula ϕ, and a situation S, Holds(ϕ, S) holds in MR iff ϕ holds in S∗ . Lemma B.11. For each model MR of R(D), a fluent F , a situation S, and an action A + ∗ (S ); and (i) γF+ (A, S) is true in MR iff F ∈ EA − − ∗ (ii) γF (A, S) is true in MR iff F ∈ EA (S ). Proof. We have that γF+ (A, S) is true in MR W (Definition of γF+ (A, S)) iff “A causes F if ̺”∈D Holds(̺, S) is true in MR iff there exists an ef-proposition “A causes F if ̺” ∈ D (by Corollary B.1) such that ̺ holds in S∗ + ∗ (S ). iff F ∈ EA 65 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Thus (i) is proved. Similarly, we can prove (ii). ✷ Lemma B.12. For each model MR of R(D), a situation S, and an action A, (i) Poss(A, S) is true in MR iff A is executable in S∗ ; and (ii) if Poss(A, S) is true in MR then (S′ )∗ = Res(A, S∗ ) where S′ = do(A, S). Proof. Poss(A, S) is true in MR iff there exists an ex-proposition “executable A if ρ” ∈ D such that Holds(ρ, S) is true in MR iff there exists an ex-proposition “executable A if ρ” ∈ D such that ρ holds in S∗ iff A is executable in S∗ . (1) We have that if Poss(A, S) is true in MR then, for a fluent F , F ∈ ( S ′ )∗ iff Holds(F, do(A, S)) is true in MR iff γF+ (A, S) ∨ (Holds(F, S) ∧ ¬γF− (A, S)) is true in MR + ∗ − ∗ (S ) or (F ∈ S∗ and F ∈ / EA (S )) iff F ∈ EA ∗ F ∈ Res(A, S ). The lemma follows from (1) and (2). (by axiom (2.8)) (by Lemma B.11) (2) ✷ Lemma B.13. For each model MR of R(D), a situation S, and a sequence of actions α: (i) Poss(α, S) is true in MR iff α is executable in S∗ ; and (ii) if Poss(α, S) is true in MR then [do(α, S)]∗ = Res(α, S∗ ). Proof. By induction over |α|. Base case: |α| = 0. (i) is trivial because Poss([], S) is true (by definition) and [] is executable in every state. (ii) follows immediately from (M.1) of Definition B.2. The case |α| = 1 is proven by Lemma B.12. Inductive step: Assume that we have proved the lemma for |α| < k. We need to show it for |α| = k. Let α = [β; A]. We have that |β| < k. We have that Poss(α, S) is true in MR iff Poss(β, S) is true in MR and Poss(A, do(β, S)) is true in MR (by definition) iff Poss(β, S) is true in MR and there exists an ex-proposition “executable A if ρ” ∈ D such that Holds(ρ, do(β, S)) is true in MR iff β is executable in S∗ (by inductive hypothesis, item (i)) and there exists an ex-proposition “executable A if ρ” ∈ D such that ρ holds in Res(β, S∗ ) (by inductive hypothesis, item (ii)) [β; A] is executable in S∗ . (1) 66 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Let S′ = do(β, S). By Lemma B.12, we have that [do(A, S′ )]∗ = Res(A, (S′ )∗ ). By inductive hypothesis, we have that (S′ )∗ = Res(β, S∗ ). Hence, [do([β; A], S)]∗ = [do(A, do(β, S))]∗ = Res(A, (S′ )∗ ) = Res(A, Res(β, S∗ )) = Res([β; A], S∗). The inductive step follows from (1) and (2). (2) ✷ Lemma B.14. Let D be a domain description and MR be a model of R(D). Then, there exists a model (σ0 , Φ) of D such that for any fluent formula ϕ and sequence of actions α of D, MR |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ) iff α is executable in σ0 and ϕ is known b σ0 ). to be true in Φ(α, Proof. We will prove that the MR -based model of D, M = (σ0∗ , Φ), satisfies the conclusion of the lemma. By Lemma B.10, M is a model of D. By Lemma B.13, we have that Poss(α, S0 ) is true in MR iff α is executable in (S0 )∗ = σ0∗ .1 iff α is executable in σ0∗ . 
(1) We now prove by induction over the length of α that M satisfies the lemma and the following properties. b σ ∗ ).2. (i) K(s, do(α, S0 )) is true in MR iff s∗ ∈ Φ(α, 0 Base case: |α| = 0. The conclusion of the lemma is trivial because of the definition of M. (i) is equivalent to K(s, S0 ) is true in MR iff s∗ ∈ σ0∗ .2 which follows immediately from item (M.2) of Definition B.2 and the fact that K(S0 , S0 ) is true in MR . This proves the base case. Inductive step: Assume that we have proved the lemma for |α| < l. We need to prove it for |α| = l. Let α = [β; A]. It follows from the construction of R(D) that K(s, do([β; A], S0)) is true in MR iff ∃s1 .[(K(s1 , do(β, S0 )) ∧ Poss(A, s1 ) ∧ s = do(A, s1 ) V and ( nj =1 (A 6= Kj ) ∧ Wn j =1 (A = Kj ∧ (Holds(Fj , s1 ) ≡ Holds(Fj , do(β, S0 )))))] (by (2.9)) is true in MR ∗ ∗ b (by inductive hypothesis) iff s1 ∈ Φ(β, σ0 ).2 and s∗ = Res(A, s∗1 ) (by s = do(A, s1 ) and (M.1) of Definition B.2) b σ0∗ ).1 and if Al = Kj then Fj ∈ s∗1 iff Fj ∈ Φ(β, b σ0∗ ).2 iff s∗ ∈ Φ(β, (2) 67 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Consider a fluent formula ϕ, we have that MR |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ) iff Poss(α, S0 ) is true in MR and ∀s.[K(s, do(α, S0 )) ⊃ Holds(F, s)] is true in MR iff α is executable in σ0∗ b σ0∗ ).2, ϕ holds in s∗ and ∀s∗ ∈ Φ(α, b σ0∗ ). iff α is executable in σ0∗ and ϕ is known to be true in Φ(α, (by (1) and (i)) (3) (2) and (3) prove the inductive step for (i) and the lemma’s conclusion. The lemma is proved. ✷ We now prove Proposition 2. Proposition 2. Let D be a domain description, ϕ be a fluent formula, and α be a sequence of actions of D. Then, D |=AK Knows ϕ after α iff R(D) |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). Proof. (a) Assume that D |=AK Knows ϕ after α. We will prove that R(D) |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). Assume the contrary, R(D) 6|= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). By definition, there exists a model MR of R(D) such that MR 6|= Knows(ϕ, do(α, S0 )) or MR 6|= Poss(α, S0 ). Then, by Lemma B.14, there exists a model M of D such that M 6|= Knows ϕ after α. This implies that D 6|=AK Knows ϕ after α which contradicts with the assumption that D |=AK Knows ϕ after α. Hence, our assumption is incorrect, i.e., we have proved that R(D) |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). Therefore, we can conclude that if D |=AK Knows ϕ after α then R(D) |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). (1) (b) Assume that R(D) |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). We will prove that D |=AK Knows ϕ after α. Assume the contrary, D 6|=AK Knows ϕ after α. This means that there exists a model M of D such that M 6|= Knows ϕ after α. Then, by Lemma B.9, there exists a model MR of R(D) such that MR 6|= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ). This implies that R(D) 6|= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ) which contradicts our assumption. Hence, we have that D |=AK Knows ϕ after α. So, if R(D) |= Knows(ϕ, do(α, S0 )) ∧ Poss(α, S0 ) then D |=AK Knows ϕ after α. (2) From (1) and (2), we can conclude that D |=AK Knows ϕ after α iff R(D) |= Knows(F, do(α, S0 )) ∧ Poss(α, S0 ). ✷ We will now extend the Lemmas B.9 and B.14 to conditional plans. We need the following notation and lemmas. Let c be a conditional plan, we define the number of case plans of c, denoted by count(c), inductively as follows. 68 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 (1) (2) (3) (4) If c = [], then count(c) = 0. If c = a, a is an action, then count(c) = 0. 
If c1 and c2 are conditional plans, then case(c1 ; c2 ) = count(c1 ) + count(c2 ). If c is a case plan of the form Case ϕ 1 → c1 ... ϕ n → cn Endcase P then count(c) = 1 + ni=1 count(ci ). It follows directly from the definition of BApply the following lemma. Lemma B.15. Let s, s′ be situations and c be a conditional plan. The following formulas are entailed by BApply : (i) Apply([], s, s′ ) ⊃ s = s′ ; (ii) Apply([case([])|c], s, s′ ) ⊃ s′ = ⊥; and (iii) Apply(c, ⊥, s′ ) ⊃ s′ = ⊥. Proof. Assume that (i) is not entailed by BApply . Then, there exists a model M of BApply such that Apply([], s, s′ ) is true in M but s 6= s′ . It is easy to see that M \ Apply([], s, s′ ) is also model of BApply . This violates the minimality of M. Thus, (i) is true in every model of BApply . Similarly, we can prove (ii) and (iii). ✷ Lemma B.16. Let s, s′ , s′′ be situations, a be an action, ϕ be a fluent formula, α be a sequence of actions, and c, c′ , c′′ be conditional plans. The following formulas are entailed by BApply : (i) Apply([a|α], s, s′ ) ∧ s 6= ⊥ ⊃ ((Poss(a, s) ⊃ Apply(α, do(a, s), s′ )) ∧ (¬Poss(a, s) ⊃ s′ = ⊥)); (ii) Apply([case([(ϕ, c)|r ′ ])|c′′ ], s, s′ ) ∧ s 6= ⊥ ⊃ ((knows(ϕ, s) ⊃ ∃s′′ .Apply(c, s, s′′ ) ∧ Apply(c′′ , s′′ , s′ )) ∧ (¬knows(ϕ, s) ⊃ Apply([case(r ′ )|c′′ ], s, s′ ))); and (iii) Apply(c, s, s′ ) ∧ Apply(c, s, s′′ ) ⊃ s′ = s′′ . Proof. Assume that (i) is not entailed by BApply . It means that there exists a model M of BApply , an action a, a sequence of actions α, and two situations s and s′ such that Apply([a|α], s, s′ ) ∧ s 6= ⊥ is true in M and (Poss(a, s) ⊃ Apply([a|α], do(a, s), s′ )) ∧ (¬Poss(a, s) ⊃ s′ = ⊥) is not true in M. By definition of BApply , the model M ′ = M \ {Apply([a|α], s, s′ )} is a model of BApply . This contradicts the assumption that M is a minimal model of BApply . Hence, our assumption that (i) is not true in M is incorrect, i.e., we have proved that (i) is a valid sentence of BApply . Similarly, we can prove item (ii). The proof of item (iii) is based on induction over count(c) and is omitted here. ✷ T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 69 Lemma B.17. Let c1 , . . . , cn be n arbitrary conditional plans, (n > 1). Then, the following formula is entailed by BApply : Apply([c1 ; . . . ; cn ], s1 , sn+1 ) ≡ ∃(s2 , . . . , sn ).[Apply(c1 , s1 , s2 ) ∧ · · · ∧ Apply(cn , sn , sn+1 )]. Proof. We prove the lemma by induction over n. Base case: n = 1. Then, we have that the right hand side is ∃s2 .Apply(c1 , s1 , s2 ) and the left hand side is Apply(c1 , s1 , s2 ). It follows from item (iii) of Lemma B.16 that Apply(c1 , s1 , s2 ) ≡ ∃(s2 ).Apply(c1 , s1 , s2 ). This proves the base case. Inductive step: Assume that we have proved the lemma for n. We need to prove it for n + 1. Since cn and cn+1 are conditional plans, by definition, we have that c = cn ; cn+1 is a conditional plan. Hence, by inductive hypothesis for n plans c1 , . . . , cn−1 , c, we have that Apply([c1 ; . . . ; cn−1 ; c], s1 , sn+2 ) ≡ ∃(s2 , . . . , sn ).[Apply(c1 , s1 , s2 ) ∧ · · · ∧ Apply(c, sn , sn+2 )]. (1) By inductive hypothesis for 2 plans cn and cn+1 , we have that Apply(c, sn , sn+2 ) ≡ ∃(sn+1 ).[Apply(cn , sn , sn+1 ) ∧ Apply(cn+1 , sn+1 , sn+2 )]. (2) The inductive step follows from (1) and (2). I.e., the lemma is proved. ✷ Lemma B.18. Let c be a case plan of the form Case ϕ1 → p1 .. . ϕl → pl Endcase and s 6= ⊥. Then, the following formula is entailed by BApply : Knows(ϕj , s) ∧ Apply(c, s, s′ ) ≡ Knows(ϕj , s) ∧ Apply(pj , s, s′ ). Proof. 
Let M be a model of BApply . Obviously, if Knows(ϕj , s) is false in M for 1 6 j 6 l, the formula is true in M. So, we need to prove it for the case there exists some j , 1 6 j 6 l, Knows(ϕj , s) is true in M. We consider two cases: (a) Left to Right: Assume that Knows(ϕj , s) ∧ Apply(c, s, s′ ) is true in M. Then, since ϕj ’s are mutual exclusive, we can conclude that ¬Knows(ϕi , s) is true in M, for i 6= j, 1 6 i 6 l. Hence, by item (ii) of Lemma B.16 (for c′′ = [], ϕ = ϕj , c = pj ) we have that ∃s′′ .Apply(pj , s, s′′ ) ∧ Apply([], s′′ , s′ ) is true in M. (1) From item (i) of Lemma B.15, we have that s′′ = s′ . Hence, (1) is equivalent to, Apply(pj , s, s′ ) is true in M. (2) 70 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 It follows from the assumption that Knows(ϕj , s) is true in M and (2) that Knows(ϕj , s) ∧ Apply(pj , s, s′ ) is true in M, which proves (a). (b) Right to Left: Assume that Knows(ϕj , s) ∧ Apply(pj , s, s′ ) holds in M. Similar argument as above concludes that ¬Knows(ϕi , s) is true in M, for i 6= j, 1 6 i 6 l. Hence, by definition of Apply (case 6, for c′′ = [], r ′ is the sequence [(ϕ1 , p1 ), . . . , (ϕj −1 , pj −1 ), (ϕj +1 , pj +1 ), . . . , (ϕl , pl )]), we have that Knows(ϕj , s)∧ Apply(pj , s, s′ )∧ Apply([], s′ , s′′ ) ⊃ Apply([case([(ϕj , pj )|r ′ ], s, s′′ ) holds in M. Furthermore, from (i) of Lemma B.15, we have that s′′ = s′ . Hence, we conclude that Apply(c, s, s′ ) ∧ Knows(ϕj , s) holds in M. This proves (b). The lemma follows from (a) and (b). ✷ Lemma B.19. Assume that c = c1 , . . . , cn is a conditional plan where c1 , . . . , cn is a sequence of conditional plans satisfying the conditions of Observation 3.1. Let c1 be a case plan of the form Case ϕ1 → p1 .. . ϕl → pl Endcase and s be a situation term. Let M be a model of BApply such that M |= Knows(ϕj , s) for some j , 1 6 j 6 l. Then, M ∪ BApply |= Apply(c, s, s′ ) ≡ Apply(c′ , s, s′ ) where c′ = pj ; c2 ; . . . ; cn . Proof. By Lemma B.17, there exists s1 , . . . , sn−1 such that Apply(c, s, s′ ) ≡ Apply(c1 , s, s1 ) ∧ · · · ∧ Apply(cn , sn−1 , s′ ) is true in M ∪ BApply . (1) Since M |= Knows(ϕj , s), by Lemma B.18 and from (1), we have that Knows(ϕj , s) ∧ Apply(c1 , s, s1 ) ≡ Knows(ϕj , s) ∧ Apply(pj , s, s1 ) is true in M ∪ BApply . (2) It follows from (1) and (2) that M ∪ BApply |= Knows(ϕj , s) ∧ Apply(c, s, s′ ) ≡ Knows(ϕj , s) ∧ Apply(pj , s, s1 ) ∧ Apply(c2 , s1 , s3 ) ∧ · · · ∧ Apply(cn , sn−1 , s′ ), which implies that M ∪ BApply |= Apply(c, s, s′ ) ≡ Apply(c′ , s, s′ ). The lemma follows from (3). ✷ (by Lemma B.17) (3) T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 71 Lemma B.20. Assume that c = c1 , . . . , cn is a conditional plan where c1 , . . . , cn is a sequence of conditional plans satisfying the conditions of Observation 3.1. Let c1 be a sequence of actions and c2 be a case plan of the form Case ϕ1 → p1 .. . ϕl → pl Endcase and s be a situation term. Let M be a model of BApply such that M |= Knows(ϕj , do(c1 , s)) for some j , 1 6 j 6 l. Then, M ∪ BApply |= Apply(c, s, s′ ) ≡ Apply(c′ , s, s′ ) where c′ = c1 ; pj ; . . . ; cn . Proof. Since M |= Knows(ϕj , do(c1 , s)), we conclude that Poss(c1 , s) is true in M. By Lemma B.17, there exists s1 , . . . , sn−1 such that Apply(c, s, s′ ) ≡ Apply(c1 , s, s1 ) ∧ · · · ∧ (1) Apply(cn , sn−1 , s′ ) holds in M ∪ BApply . Since c1 is a sequence of actions, we have that s1 = do(c1 , s). 
Therefore, from M |= Knows(ϕj , do(c1 , s)), s1 = do(c1 , s), and by Lemma B.18, we have that M ∪ BApply |= Apply(c2 , s1 , s2 ) ≡ Apply(pj , s1 , s2 ). (2) It follows from (1) and (2) that M ∪ BApply |= Apply(c, s, s′ ) ≡ Apply(c1 , s, s1 ) ∧ Apply(pj , s1 , s2 ) ∧ Apply(c3 , s2 , s3 ) ∧ · · · ∧ Apply(cn , sn−1 , s′ ), which implies that M ∪ BApply |= Apply(c, s, s′ ) ≡ Apply(c′ , s, s′ ). (by Lemma B.17) (3) The lemma follows from (3). ✷ Lemma B.21. Let D be a domain description and M = (σ0 , Φ) be a model of D. Then, there exists a model MR of R(D) such that for any fluent formula ϕ and conditional plan c, b σ0 ) iff MR ∪ BApply |= • c is executable in σ0 and ϕ is known to be true in Φ(c, Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥; b σ0 ) = ⊥ iff MR ∪ BApply |= Apply(c, S0 , ⊥). • Φ(c, Proof. From Observation 3.1, we can assume that c = c1 ; . . . ; cn where ci is a sequence of actions or a case plan and for every i, 1 6 i 6 n − 1, if ci is a sequence of actions then ci+1 is a case plan. Let MR be the M-interpretation of D. By Lemma B.2, MR is model of R(D). We will prove by induction over count(c) that MR satisfies the lemma. Base case: count(c) = 0. Using items (i) and (iii) of Lemma B.16, we can prove that MR ∪ BApply |= Apply(c, S0 , s) ⊃ (Poss(c, S0 ) ⊃ s = do(c, S0 )) ∧ (¬Poss(c, S0 ) ⊃ s = ⊥). (1) 72 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 b σ0 ) By Lemma B.9, we have that c is executable in σ0 and ϕ is known to be true in Φ(c, iff MR |= Knows(ϕ, do(c, S0 )) ∧ Poss(c, S0 ). iff (2) b σ0 ) It follows from (1) and (2) that c is executable in σ0 and ϕ is known to be true in Φ(c, MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ . (3) (3) proves the first item of the lemma. To complete the base case, we need to prove the second item. Since c is a sequence of actions, we have that b σ0 ) = ⊥ Φ(c, iff c is not executable in σ0 iff MR |= ¬Poss(c, S0 ) iff MR ∪ BApply |= Apply(c, S0 , ⊥) (Lemma B.9) (by (1)). So, the second item of the lemma is proved. The base case is proved. Inductive step: Assume that we have proved the lemma for count(c) 6 k. We need to prove the lemma for count(c) = k + 1. b σ0 ). We will show that Case 1: c is executable in σ0 and ϕ is known to be true in Φ(c, Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6=⊥ is true in MR ∪ BApply . We consider two cases: Case 1.1: c1 is a case plan. Assume that c1 is the following case plan Case ϕ1 → p1 .. . ϕl → pl Endcase b σ0 ) we have that ⊥ = b σ0 ). 6 Φ(c, Since c is executable in σ0 and ϕ is known to be true in Φ(c, It implies that there exists j, 1 6 j 6 l, such that ϕj is known to be true in σ0 . (4) c′ b and from (4) we have that Φ(c, b σ0 ) = Let = pj ; c2 ; . . . ; cn . Then, by definition of Φ b ′ , σ0 ). Since count(c′ ) 6 count(c) − 1, we b ′ , σ0 ). Hence, ϕ is known to be true in Φ(c Φ(c have that count(c′ ) 6 k. Thus, by inductive hypothesis, we can conclude that Knows(ϕ, s) ∧ Apply(c′ , S0 , s) ∧ s 6= ⊥ is true in MR ∪ BApply . (5) It follows from Lemma B.19 that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). (6) From (5) and (6) we have that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. Case 1.2: c1 is a sequence of actions. Then, c2 is a case plan. Let us assume that c2 is the case plan. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 73 Case ϕ1 → p1 .. . ϕl → pl Endcase b σ0 ) we have that ⊥ = 6 Since c is executable in σ0 and ϕ is known to be true in Φ(c, b σ0 ). This implies that Φ(c, b 1 , σ0 ). 
there exists j, 1 6 j 6 l, such that ϕj is known to be true in Φ(c (7) b ′ , σ0 ). ϕ is known to be true in Φ(c (8) c′ b we have that Φ(c, b σ0 ) = Let = c1 ; pj ; c3; . . . ; cn . From (7) and the definition of Φ, b ′ , σ0 ). This implies that Φ(c count(c′ ) 6 count(c) − 1, Since and (8), we conclude that we have that count(c′ ) 6 k. Thus, by inductive hypothesis MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c′ , S0 , s) ∧ s 6= ⊥ . (9) From Lemma B.20, we have that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). (10) (9) and (10) prove that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. The above two cases prove that if c is executable in σ0 and ϕ is known to be true in b σ0 ) then MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. Φ(c, Case 2: MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. We will prove that c is b σ0 ). We consider two cases: executable in σ0 and ϕ is known to be true in Φ(c, Case 2.1: c1 is a case plan. Assume that c1 is the following case plan Case ϕ1 → p1 .. . ϕl → pl Endcase Since MR ∪ BApply |= Apply(c, S0 , s) ∧ s 6= ⊥, by items (ii) of Lemma B.16, we conclude that there exists j, 1 6 j 6 l, such that MR |= Knows(ϕj , S0 ). (11) c′ Let = pj ; c2 ; . . . ; cn . By Lemma B.19 we have that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). This implies that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c′ , S0 , s) ∧ s 6= ⊥ . (12) Furthermore, from the definition of MR and (11), we have that ϕj is known to be true in σ0 . This implies that b ′ , σ0 ). b σ0 ) = Φ(c Φ(c, (13) 74 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Since count(c′ ) 6 count(c) − 1, we have that count(c′ ) 6 k. Thus, by inductive hypothesis b ′ , σ0 ), and (12), we can conclude that c is executable in σ0 and ϕ is known to be true in Φ(c b and from (13), we have that c is executable in σ0 and ϕ is known to be true in Φ(c, σ0 ). Case 2.2: c1 is a sequence of actions. Then, c2 is a case plan. Let us assume that c2 is the case plan. Case ϕ1 → p1 .. . ϕl → pl Endcase Similar to case 2.1, we conclude that there exists j , 1 6 j 6 l, such that MR ∪ BApply |= Knows(ϕj , s′ ) ∧ Apply(c1 , S0 , s′ ) ∧ s′ 6= ⊥ . (14) Let c′ = c1 ; pj ; c3 ; . . . ; cn . From (14) and Lemma B.20, we have that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). (15) By inductive hypothesis, we have that c′ is executable in σ0 and ϕj is known to be true b 1 , σ0 ). Hence, in Φ(c b ′ , σ0 ). b σ0 ) = Φ(c Φ(c, (16) MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ . (17) Since count(c′ ) 6 count(c) − 1, we have that count(c′ ) 6 k. Thus, by inductive hypothesis, b ′ , σ0 ). This, together with (16), proves we can conclude that ϕ is known to be true in Φ(c b σ0 ). that c is executable in σ0 and ϕ is known to be true in Φ(c, The two cases 2.1 and 2.2 prove that if MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ b σ0 ). s 6= ⊥ then c is executable in σ0 and ϕ is known to be true in Φ(c, The two cases 1 and 2 prove that c is executable in σ0 and ϕ is known to be true in b σ0 ) iff Φ(c, b σ0 ) = ⊥ iff The proof of the inductive step for the last item of the lemma, Φ(c, Apply(c, S0 , ⊥) is true in MR ∪ BApply has also four cases similar to the cases (1.1)–(1.2) and (2.1)–(2.2). We will show next the first case. The other cases are similar and are omitted here. b σ0 ) = ⊥ where c = c1 , . . . , cn and c1 is the following case plan Assume that Φ(c, Case ϕ1 → p1 .. . ϕl → pl Endcase We will show that Apply(c, S0 , ⊥) is true in MR ∪ BApply . We consider two cases: T.C. Son, C. 
Baral / Artificial Intelligence 125 (2001) 19–91 75 (a) There exists no j such that ϕj is known to be true in σ0 . By Lemma B.9, we have that ¬Knows(ϕj , S0 ) is true in MR for 1 6 j 6 l. Applies the last definition of Apply l times, we have that Apply(c, S0 , S′ ) ⊃ Apply([case([])|c′ ], S0 , S′ ) is true in BApply where c′ = c2 , . . . , cn . By the third item in the definition, we can then conclude that Apply(c, S0 , S′ ) ⊃ Apply(c, S0 , ⊥) is true in MR ∪ BApply , i.e., the inductive step is proved. (b) There exists some j such that ϕj is known to be true in σ0 . Again, by Lemma B.9, we have that Knows(ϕj , S0 ) is true in MR and Knows(ϕi , S0 ) is false in MR for 1 6 i 6= j 6 l. Then, by Lemma B.19, we have that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s), b σ0 ) = Φ(c b ′ , σ0 ) = ⊥ and where c′ = pj ; c2 ; . . . ; cn . This, together with the fact that Φ(c, the inductive hypothesis implies that Apply(c, S0 , ⊥) is true in MR ∪ BApply . The above two cases prove the inductive step for the second item of the lemma. (18) The lemma follows from (17) and (18). ✷ Lemma B.22. Let D be a domain description and MR be a model of R(D). Then, there exists a model M = (σ0 , Φ) of D such that for any fluent formula ϕ and any conditional plan c, • MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s)) ∧ s 6= ⊥ iff c is executable in σ0 and b σ0 ); ϕ is known to be true in Φ(c, b σ0 ) = ⊥ iff MR ∪ BApply |= Apply(c, S0 , ⊥). • Φ(c, Proof. From Observation 3.1, we can assume that c = c1 ; . . . ; cn where ci is a sequence of actions or a case plan and for every i, 1 6 i 6 n − 1, if ci is a sequence of actions then ci+1 is a case plan. Let M = (σ0 , Φ) be the MR -based model of D. By Lemma B.10, M is a model of D. We will prove by induction over the number of case plan in c, count(c), that M satisfies the lemma. Base case: count(c) = 0. Using item (i) of the Lemma B.16, we can prove that MR ∪ BApply |= Apply(c, S0 , s) ⊃ (Poss(c, S0 ) ⊃ s = do(c, S0 )) ∧ (¬Poss(c, S0 ) ⊃ s = ⊥). (1) By Lemma B.14, we have that MR |= Knows(ϕ, do(c, S0 )) ∧ Poss(c, S0 ) iff c is executable in σ0 and ϕ is known to be b σ0 ). This, together with (1), proves that true in Φ(c, MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ b σ0 ). iff c is executable in σ0 and ϕ is known to be true in Φ(c, (2) Furthermore, since c is a sequence of actions, from (1), MR ∪ BApply |= Apply(c, S0 , ⊥) iff ¬Poss(c, S0 ) is true in MR . Again, by Lemma B.14, this is equivalent to c is not executable in σ0 . The base case for the third item of the lemma is proved. (3) 76 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 The base case of the lemma follows from (2)–(3). Inductive step: Assume that we have proved the lemma for count(c) 6 k. We need to prove the lemma for count(c) = k + 1. b σ0 ). We will show that Case 1: c is executable in σ0 and ϕ is known to be true in Φ(c, MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. We consider two cases: Case 1.1: c1 is a case plan. Assume that c1 is the following case plan Case ϕ1 → p1 .. . ϕl → pl Endcase b σ0 ) we have that ⊥ = b σ0 ). 6 Φ(c, Since c is executable in σ0 and ϕ is known to be true in Φ(c, This implies that there exists j, 1 6 j 6 l, such that ϕj is known to be true in σ0 . (4) b and from (4) we have that Φ(c, b σ0 ) = Let = pj ; c2 ; . . . ; cn . Then, by definition of Φ ′ b Φ(c , σ0 ). This implies that c′ b ′ , σ0 ). ϕ is known to be true in Φ(c (5) From (4) and Lemma B.19, we have that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). 
count(c′ ) 6 count(c) − 1, (6) count(c′ ) 6 k. we have that Thus, by inductive hypothesis Since and (5), we can conclude that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c′ , S0 , s) ∧ s 6= ⊥. This, together with (6), proves that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. Case 1.2: c1 is a sequence of actions. Then, c2 is a case plan. Again, let us assume that c2 is the case plan. Case ϕ1 → p1 .. . ϕl → pl Endcase b σ0 ) we have that Since c is executable in σ0 and ϕ is known to be true in Φ(c, b σ0 ). It implies that ⊥= 6 Φ(c, b 1 , σ0 ). there exists j, 1 6 j 6 l, such that ϕj is known to be true in Φ(c (7) Let c′ = c1 ; pj ; c3 ; . . . ; cn . From (7), we have that b ′ , σ0 ). b σ0 ) = Φ(c Φ(c, (8) It follows from (8) and Lemma B.20 that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). (9) T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 77 Since count(c′ ) 6 count(c) − 1, we have that count(c′ ) 6 k. Thus, by inductive hypothesis and (8), we can conclude that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c′ , S0 , s) ∧ s 6= ⊥. This, together with (9), proves that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. From the two cases 1.1 and 1.2, we can conclude that if c is executable in σ0 and ϕ is b σ0 ) then MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. known to be true in Φ(c, Case 2: MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. We will prove that c is b σ0 ). We consider two cases: executable in σ0 and ϕ is known to be true in Φ(c, Case 2.1: c1 is a case plan. Assume that c1 is the following case plan Case ϕ1 → p1 .. . ϕl → pl Endcase Since MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥, using of Lemma (B.16), we can conclude that there exists j, 1 6 j 6 l, such that MR |= Knows(ϕj , S0 ). (10) Let c′ = pj ; c2 ; . . . ; cn . Then, by Lemma B.19 and (10), we conclude that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). Together with the assumption that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥, we have that MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c′ , S0 , s) ∧ s 6= ⊥ . (11) Furthermore, from the definition of M and (10), we have that ϕj is known to be true in σ0 . This implies that b ′ , σ0 ). b σ0 ) = Φ(c Φ(c, (12) Since count(c′ ) 6 count(c) − 1, we have that count(c′ ) 6 k. Thus, by inductive hypothesis b ′ , σ0 ), and (11), we can conclude that c′ is executable in σ0 and ϕ is known to be true in Φ(c and from (12), we can conclude that c is executable in σ0 and ϕ is known to be true in b σ0 ). Φ(c, Case 2.2: c1 is a sequence of actions. Then, c2 is a case plan. Again, let us assume that c2 is the case plan. Case ϕ1 → p1 .. . ϕl → pl Endcase Similar to case 2.1, we conclude that there exists j , 1 6 j 6 l, such that MR ∪ BApply |= Knows(ϕj , s′ ) ∧ Apply(c1 , S0 , s′ ). (13) 78 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Let c′ = c1 ; pj ; c3 ; . . . ; cn . From (13) and Lemmas B.20, we have that MR ∪ BApply |= Apply(c, S0 , s) ≡ Apply(c′ , S0 , s). Hence MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c′ , S0 , s) ∧ s 6= ⊥ . (14) b 1 , σ0 ). Hence, Since c1 is a sequence of actions, we have that ϕj is known to be true in Φ(c b ′ , σ0 ). b σ0 ) = Φ(c Φ(c, (15) count(c′ ) count(c′ ) 6 count(c) − 1, we have that 6 k. Thus, by inductive Since hypothesis and (14), we conclude that c′ is executable in σ0 and ϕ is known to be true b ′ , σ0 ). This, together with (15), proves that c is executable in σ0 and ϕ is known to in Φ(c b σ0 ). 
be true in Φ(c, From the two cases 2.1 and 2.2, we conclude that if MR ∪ BApply |= Knows(ϕ, s) ∧ b σ0 ). Apply(c, S0 , s) ∧ s 6= ⊥ then c is executable in σ0 and ϕ is known to be true in Φ(c, The two cases 1 and 2 show that c is executable in σ0 and ϕ is known to be true in b σ0 ) iff Φ(c, MR ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ . (16) b σ0 ) =⊥ iff MR ∪ BApply |= The proof of the third item of the lemma, i.e., Φ(c, Apply(c, S0 , ⊥) is similar to the proof of the second item of Lemma B.21 and is omitted here. This, together with (16), proves the inductive step of the lemma, and hence, proves the lemma. ✷ Proposition 3. Let D be a domain description and R(D) be the corresponding first-order theory. Let c be a conditional plan and ϕ be a fluent formula. Then, D |=AK Knows ϕ after c iff R(D) ∪ BApply |= Apply(c, S0 , s) ∧ Knows(ϕ, s) ∧ s 6= ⊥ . Proof. • Assume that D |=AK Knows ϕ after c. We will prove that R(D) ∪ BApply |= Knows(ϕ, s)∧Apply(c, S0 , s)∧ s 6= ⊥. Assume the contrary, R(D)∪BApply 6|= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. By definition, there exists a model MR of R(D) such that MR ∪ BApply 6|= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. There are two possibilities – MR ∪ BApply |= Apply(c, S0 , ⊥). Hence, by Lemma B.22, there exists a model M = b σ0 ) =⊥. This implies that D 6|=AK Knows ϕ after c. (σ0 , Φ) of D such that Φ(c, Hence, this case cannot happen. (1) – MR ∪ BApply |= Apply(c, S0 , s) ∧ s 6= ⊥ and MR ∪ BApply 6|= Knows(ϕ, s). Then, by Lemma B.22, there exists a model M of D such that M 6|= Knows ϕ after c. This implies that D 6|=AK Knows ϕ after c. This contradicts with the assumption that (2) D |=AK Knows ϕ after c. Hence, this case cannot happen too. From (1) and (2), we conclude that our assumption is incorrect, i.e., we have proved that R(D) ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. Therefore, we have that if D |=AK Knows ϕ after c then R(D) ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ . (3) T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 79 • Assume that R(D) ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. We will prove that D |=AK Knows ϕ after c. Assume the contrary, D 6|=AK Knows ϕ after c. This means that there exists a model M = (σ0 , Φ) of D such that M 6|= Knows ϕ after c. There are two subcases: b σ0 ) = ⊥. Then, by Lemma B.21, there exists a model MR of R(D) such that – Φ(c, MR ∪ BApply |= Apply(c, S0 , ⊥). This implies that MR ∪ BApply 6|= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥, which contradicts with our assumption. Therefore, this case cannot happen. (4) b σ0 ). Then, by Lemma B.21, b σ0 ) 6= ⊥. Then, F is not known to be true in Φ(c, – Φ(c, there exists a model MR of R(D) such that MR ∪ BApply 6|= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥. This implies that R(D) ∪ BApply 6|= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥, which contradicts our assumption. Hence, this case cannot happen too. (5) From (4) and (5), we have that D |=AK Knows ϕ after c. Hence, we have that if R(D) |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ then D |=AK Knows ϕ after c. (6) From (3) and (6), we can conclude that D |=AK Knows ϕ after c iff R(D) ∪ BApply |= Knows(ϕ, s) ∧ Apply(c, S0 , s) ∧ s 6= ⊥ . ✷ Appendix C. Soundness of ω-Approximation In this section we prove the soundness of the ω-Approximation with respect to the semantics of AK . Throughout the section, by D we denote an arbitrary but fixed domain description. We will need the following notations and lemmas. Let σ = hT , F i be an a-state and δ = hu, Σi be a c-state. 
We say σ agrees with δ if for every state s ∈ Σ, T ⊆ s and F ∩ s = ∅. For an a-state σ = hT , F i, by true(σ ) and false(σ ) we denote the set T and F respectively. For a sequence of actions α = a1 , . . . , an (n > 1) and a state s, by Res(α, s) we denote the state Res(an , . . . , Res(a1 , s)). Similarly Res0 (α, σ ) denotes the state Res0 (an , . . . , Res0 (a1 , σ )) where σ is an a-state and α = a1 , . . . , an . The following observations are trivial and will be used in the proofs in this section. Observation C.1. Let σ = hT , F i be an a-state and δ = hu, Σi be a grounded c-state such that σ agrees with δ, then (1) if ϕ is a fluent formula and ϕ holds in σ (σ |= ϕ), then for every s ∈ Σ, ϕ holds in s; (2) for every action a, Φ(a, δ) is a grounded c-state; (3) Σ ⊆ {true(σ ′ ) | σ ′ ∈ Comp(σ )}; (4) if α is a sequence of non-sensing actions and σ is complete, true(Res0 (α, σ )) = Res(α, true(σ )); 80 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 (5) If a sequence of non-sensing actions, α, is ω-executable in σ then α is executable in δ. The proof of Proposition 6 is based on the following lemmas. Lemma C.1. Let D be a domain description, σ be an a-state, and δ be a grounded c-state of D such that σ agrees with δ. Then, for every sequence of non-sensing actions α of D, b δ). Resω (α, σ ) agrees with Φ(α, b δ) = hŝ, Σi. b Let Proof. Assume that σ = hT , F i, δ = hs, Σi, and Φ(α, f ∈ true(Resω (α, σ )). \ true(Res0 (α, σ ′ )). ⇒f ∈ (by definition of Resω ) σ ′ ∈Comp(σ ) ⇒ ∀σ ′ ∈ Comp(σ ) ⇒ ∀σ ′ ∈ Comp(σ ) ′ Let ⇒ ∀s ∈ Σ b ⇒ ∀s ∗ ∈ Σ f ∈ true(Res0 (α, σ ′ )). f ∈ Res(α, true(σ ′ )). ′ ( by item (4), Observation C.1) f ∈ Res(α, s ). f ∈ s∗. (by item (3), Observation C.1) (1) f ∈ false(Resω (α, σ )). \ false(Res0 (α, σ ′ )). ⇒f ∈ (by definition of Resω ) σ ′ ∈Comp(σ ) ⇒ ∀σ ′ ∈ Comp(σ ) ⇒ ∀σ ′ ∈ Comp(σ ) f ∈ false(Res0 (α, σ ′ )). f∈ / Res(α, true(σ ′ )). (by item (4), Observation C.1) ⇒ ∀s ∈ Σ b ⇒ ∀s ∗ ∈ Σ f∈ / Res(α, s). f∈ / s∗. (by item (3), Observation C.1) (2) The lemma follows from (1) and (2). ✷ Lemma C.2. Let D be a domain description, σ be an a-state, and δ be a grounded c-state of D such that σ agrees with δ. Then, for every sensing action a of D that is ω-executable in σ , there exists σ ′ ∈ Φω (a, σ ) such that σ ′ agrees with Φ(a, δ). Proof. Assume that a occurs in the k-propositions: a determines f1 , . . ., a determines fn By definition, we have that K(a, σ ) = {f1 , . . . , fn }. Assume that σ = hT , F i and δ = hs, Σi. Let K1 = s ∩ K(a, σ ) and K2 = K(a, σ ) \ s. Since δ is a grounded c-state, we have that s ∈ Σ. From the assumption that σ agrees with δ, we have that T ⊆ s and F ∩ s = ∅. This, together with the definitions of K1 and K2 , implies that K1 ∩ F = ∅ and K2 ∩ T = ∅. Therefore, we have that σ ′ = hT ∪ K1 , F ∪ K2 i ∈ Φω (a, σ ). We will prove that σ ′ agrees with Φ(a, δ). Let Φ(a, δ) = hs, Σ ′ i = δ ′ . Consider an arbitrary s ′ ∈ Σ ′ . By definition of Φ(a, δ), we have that s ′ ∩ {f1 , . . . , fn } = s ∩ {f1 , . . . , fn } = K1 and {f1 , . . . , fn } \ s ′ = {f1 , . . . , fn } \ T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 81 s = K2 . Thus, K1 ⊆ s ′ and s ′ ∩ K2 = ∅. Since σ agrees with δ we have that T ⊆ s ′ and F ∩ s ′ = ∅. Therefore, T ∪ K1 ⊆ s ′ and (F ∪ K2 ) ∩ s ′ = ∅. (1) Since (1) holds for every state s ′ ∈ Σ ′ , we have that hT ∪ K1 , F ∪ K2 i agrees with hs, Σ ′ i. This proves the lemma. 
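The constructions used in Lemmas C.1 and C.2 are directly computable, which is the point of the ω-approximation. The sketch below is a minimal Python rendering under simplifying assumptions: a fixed finite set of fluents, a user-supplied function res standing in for the transition Res of D on complete states, and no executability checks; all identifiers (FLUENTS, res, sensed, and the door-domain fluents in the example) are illustrative rather than the paper's notation.

    from itertools import combinations

    FLUENTS = {"locked", "jammed", "open"}     # assumed fluent universe

    def completions(astate):
        # Comp(sigma): all complete a-states agreeing with sigma = (T, F)
        T, F = astate
        unknown = FLUENTS - T - F
        for k in range(len(unknown) + 1):
            for extra in combinations(sorted(unknown), k):
                yield (T | set(extra), F | (unknown - set(extra)))

    def res_omega(alpha, astate, res):
        # Res_omega(alpha, sigma): intersect the true/false parts of Res0 over Comp(sigma)
        results = []
        for (T, F) in completions(astate):
            s = set(T)
            for a in alpha:                     # Res0 on a complete state, step by step
                s = res(a, s)
            results.append((s, FLUENTS - s))
        new_true = set.intersection(*(t for (t, f) in results))
        new_false = set.intersection(*(f for (t, f) in results))
        return new_true, new_false

    def phi_omega_sensing(a, astate, sensed):
        # Phi_omega for a sensing action: every split of the still-unknown sensed
        # fluents that is consistent with what sigma already records
        T, F = astate
        K = sensed(a) - T - F
        return [(T | set(K1), F | (K - set(K1)))
                for k in range(len(K) + 1)
                for K1 in combinations(sorted(K), k)]

    # Door example: flip_lock toggles `locked`; initially jammed and open are
    # known to be false and locked is unknown.
    def res(a, s):
        if a == "flip_lock":
            return (s - {"locked"}) if "locked" in s else (s | {"locked"})
        return s

    print(res_omega(["flip_lock"], (set(), {"jammed", "open"}), res))
    # -> (set(), {'jammed', 'open'}): `locked` remains unknown, as expected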
✷ The next lemma is the generalization of the Lemmas C.1 and C.2 to a sequence actions consisting of both sensing and non-sensing actions. Lemma C.3. Let D be a domain description, σ be an a-state, and δ be a grounded c-state of D such that σ agrees with δ. Then, for every sequence of actions α that is ω-executable in σ , (i) α is executable in δ; and bω (α, σ ) such that σ ′ agrees with Φ(α, b δ). (ii) there exists an a-state σ ′ ∈ Φ Proof. Let ns (α) be the number of sensing actions occurring in α. We prove the lemma by induction over ns (α). Base case: ns (α) = 0, i.e., α is a sequence of non-sensing actions. Item (5) of Observation C.1 proves that α is executable in δ. Furthermore, by Lemma C.1, we have b δ). Since α = pre(α), by definition of Φ bω , we have that that Resω (α, σ ) agrees with Φ(α, b Φω (α, σ ) = Φω (α, σ ) = {Resω (α, σ )}. This proves the base case. Inductive step: Assume that the first sensing action occurring in α is a, i.e., α = β; a; γ b δ) = δ1 and Resω (β, σ ) = σ1 . Then, where β does not contain a sensing action. Let Φ(β, by Lemma C.1, σ1 agrees with δ1 . Since δ is a grounded c-state and β is a sequence of non-sensing actions, using item (2) of Observation C.1, we can easily prove that δ1 is a grounded c-state. α is ω-executable in σ implies that a; γ is ω-executable in σ1 . Hence, by Lemma C.2, a is executable in δ1 and ∃σ2 ∈ Φω (a, σ1 ) such that σ2 agrees with Φ(a, δ1) = δ2 . Again, from the assumption that α is ω-executable in σ we conclude that γ is ωexecutable in σ2 . Since ns (γ ) = ns (α) − 1, by the induction hypothesis, we conclude that bω (γ , σ2 ) such that σ3 agrees with Φ(γ b , δ2 ) = δ3 . γ is executable in δ2 and ∃σ3 ∈ Φ b From Resω (β, σ ) = σ1 , σ2 ∈ Φω (a, σ1 ), σ3 ∈ Φω (γ , σ2 ), and by definition of Φω , we have that bω (α, σ ). σ3 ∈ Φ (1) b δ) = δ3 . Φ(α, (2) b , δ2) = δ3 , and by definition of Φ, b we have that b δ) = δ1 , Φ(a, δ1) = δ2 , Φ(γ From Φ(β, Since σ3 agrees with δ3 , from (1) and (2), we can conclude the induction step. Hence, the lemma is proved. ✷ In the next lemma we extend the result of Lemma C.3 to an arbitrary conditional plan. 82 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Lemma C.4. Let D be a domain description, σ be an a-state, and δ be a grounded c-state of D such that σ agrees with δ. Then, for every conditional plan c such that c is executable in σ , (i) c is executable in δ; and bω (c, σ ) such that σ ′ agrees with Φ(c, b δ). (ii) there exists an a-state σ ′ ∈ Φ Proof. By Observation 3.1, we know that c can be represented as a sequence of conditional plans c1 ; . . . ; cn where ci is either a sequence of actions or a case plan and for every i < n if ci is a sequence of actions then ci+1 is a case plan. We prove the lemma by induction over count(c), the number of case plans in c. The base case, count(c) = 0, is proved by Lemma C.3. We now prove the inductive step, i.e., assume that the lemma is shown for count(c) 6 k, we prove the lemma for count(c) = k + 1. We consider two cases: (a) c1 is a case plan. Assume that c1 is the following plan Case ϕ1 → p1 .. . ϕl → pl Endcase bω (c, σ ) we can conclude that there exists j , 1 6 j 6 l, From the assumption that ⊥∈ /Φ bω we have that such that ϕj holds in σ . Let c′ = pj ; c2 . . . ; cn . Then, by definition of Φ bω (c′ , σ ). bω (c, σ ) = Φ Φ (1) (c′ , σ ). 
bω Since count(c) > Hence, ⊥∈ /Φ inductive hypothesis, we have that count(c′ ) + 1, we have that count(c′ ) bω (c′ , σ ) such that c′ is executable in δ and there exists a state σ ′ ∈ Φ ′ ′ b , δ). σ agrees with Φ(c 6 k. By (2) Since σ agrees with δ and ϕj holds in σ , we can conclude that ϕj holds in δ, which implies that c is executable in δ and b δ) = Φ(c b ′ , δ). Φ(c, (3) bω (c, σ ) and agrees with Φ(c, b δ). This proves From (3), (2), and (1), we have that ∈ Φ the lemma for the case (a). b and Φ bω , (b) c1 is a sequence of actions. Let c′ = c2 ; . . . ; cn . Then, by definitions of Φ b 1 , δ)) and b δ) = Φ(c b ′ , Φ(c we have that Φ(c, [ bω (c′ , σ ′ ). bω (c, σ ) = (4) Φ Φ bω (c1 ,σ ) σ ′ ∈Φ σ′ σ′ Since σ agrees with δ and δ is a grounded c-state, by Lemma C.3, we know that there bω (c1 , σ ) such that σ1 agrees with Φ(c b 1 , δ). Since c is ω-executable in exists a state σ1 ∈ Φ σ we have that c′ is ω-executable in σ1 . Furthermore, since c′ starts with a case plan and count(c′ ) = k + 1, from the first case, we can conclude that T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 b 1 , δ) and there exists a state c1 is executable in δ and c′ is executable in Φ(c ′ ′ ′ b b b 1 , δ)). σ ∈ Φω (c , σ1 ) such that σ agrees with Φ(c′ , Φ(c 83 (5) bω (c, σ ) and σ ′ agrees with From (4) and (5), we have that c is executable in δ, σ ′ ∈ Φ b 1 , δ)) = Φ(c, b δ). Hence the inductive step is proved for case (b). b ′ , Φ(c Φ(c The inductive step follows from the above two cases. ✷ We are now ready to prove the Proposition 6. Proposition 6 (Soundness of ω-Approximation with respect to |=AK ). Let D be a domain description, ϕ be a fluent formula, and c be a conditional plan. Then, if D |=ω Knows ϕ after c then D |=AK Knows ϕ after c. Proof. Let σ0 be the initial a-state of D and δ0 be a grounded initial c-state of D. By definition of σ0 and δ0 , we have that σ0 agrees with δ0 . (1) From D |=ω Knows ϕ after c, by definition of |=ω , we have that bω (c, σ0 ), and ⊥∈ /Φ bω (c, σ0 ), ϕ holds in σ ′ . for every σ ′ ∈ Φ (2) (3) and bω (c, σ0 ), such that σ ′ agrees with Φ(c, b δ0 ). there exists a state ∈ Φ b δ0 ). This, together with (4), implies that ϕ is known to be true in Φ(c, (4) By Lemma C.4, (1)–(3), we have that c is executable in δ0 , σ′ (5) (4) and (5) hold for every model (δ0 , Φ) of D. This implies that D |=AK Knows ϕ after c. The proposition is proved. ✷ Appendix D. Proof of the regression proposition In this section, we prove the regression proposition. For shorter notation, we write σ |= ϕ (respectively σ 6|= ϕ ) to denote that ϕ holds in σ (respectively ϕ does not hold in σ ). We first prove several lemmas that we will use in the proof. Lemma D.1. Let f be a fluent literal, a be an action, and s be a state. Assume that a is executable in s. Then, f holds in Res(a, s) iff Regression(f, a) holds in s. Proof. Consider the case that a is a non-sensing action and f is a fluent. Assume that ′ are a causes f if ̺1 , . . . , a causes f if ̺n , and a causes ¬f if ̺1′ , . . . , a causes ¬f if ̺m the ef-propositions in D whose action is a. Then, we have that V W ′ Regression(f, a) = ni=1 ̺i ∨ (f ∧ m i=1 ¬̺i ) holds in s iff there exists an ef-proposition a causes f if ̺ in D such that ̺ holds in s or 84 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 f holds in s and there exists no ef-proposition a causes ¬f if ̺′ in D such that ̺′ holds in s / Ea− (s)) iff f ∈ Ea+ (s) or (f ∈ s and f ∈ iff f ∈ s ∪ Ea+ (s) \ Ea− (s) iff f holds in Res(a, s). 
Similarly, we can prove that (1) also holds when f is a negative fluent literal. (1) (2) Consider the case that a is a sensing action. Then, we have that Res(a, s) = s (recall that we assume that the set of sensing actions and non-sensing actions are disjoint) and, Regression(f, a) = f. Thus, the lemma is trivial for this case. (3) The lemma follows from (1)–(3). ✷ The next corollary follows immediately from Lemma D.1 and the fact that ! n n ^ ^ Regression(fi , a). fi , a = Regression i i Corollary D.1. For a conjunction of fluent literals ϕ, an action a, a state s such that a is executable in s, ϕ holds in Res(a, s) iff Regression(ϕ, a) holds in s. Lemma D.2. Let ϕ be a fluent formula, a be an action, and s be a state such that a is executable in s. Then, ϕ holds in Res(a, s) iff Regression(ϕ, a) holds in s. Proof. Since W every Boolean expression can be represented by a CNF formula, we assume that ϕ = i ϕi where each ϕi is a conjunction of fluent literals. Thus the lemma follows directly from Corollary D.1 and the fact that ! n n _ _ ϕi , a = Regression(ϕi , a). ✷ Regression i i Lemma D.3. Let ϕ be a fluent formula, a be an action, and σ = hs, Σi be a grounded c-state. Assume that a is executable in every state belonging to Σ. 11 Then, • if Regression(Knows(ϕ), a) holds in σ then Knows(ϕ) holds in Φ(a, σ ); and • if Regression(Knows(ϕ), a) does not hold in σ then Knows(ϕ) does not hold in Φ(a, σ ). Proof. Consider the case a is a non-sensing action. Then, we have that Regression (Knows(ϕ), a) = Knows(Regression(ϕ, a)). • Regression(Knows(ϕ), a) holds in σ implies that Regression(ϕ, a) holds in every state s ′ ∈ Σ. This implies that ϕ holds in Res(a, s ′ ) for every state s ′ ∈ Σ such that a is executable in s ′ (Lemma D.1). Therefore, Knows(ϕ) holds in Φ(a, Σ). 11 This implies that a is executable in s since σ is a grounded c-state. T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 85 • Regression(Knows(ϕ), a) does not hold in σ means that there exists s ′ ∈ Σ such that Regression(ϕ, a) does not hold in s ′ . Since a is executable in s ′ , by Lemma D.1, we conclude that ϕ does not hold in Res(a, s ′ ). This implies that Knows(ϕ) does not hold in Φ(a, σ ). Consider the case a is a sensing action that senses a fluent g, 12 we have that Regression(ϕ, a) = ϕ and Φ(a, σ ) = hs, Σ ′ i where Σ ′ ⊆ Σ and each state s ′ in Σ ′ agrees with s on g. • Regression(Knows(ϕ), a) = (g→Knows(g→ϕ)) ∧ (¬g→Knows(¬g→ϕ)) holds in σ implies that g ∈ s (respectively g ∈ / s) implies that Knows(g→ϕ) (respectively Knows(¬g→ϕ)) holds in σ . So, if g ∈ s (respectively g ∈ / s) then g ∈ s ′ (respectively ′ ′ ′ g∈ / s ) implies that ϕ holds in s for every s ∈ Σ. In other words, for every s ′ ∈ Σ, if s and s ′ agree on g then ϕ holds in s ′ . Hence, ϕ is known to be true in Φ(a, σ ), i.e., Knows(ϕ) holds in Φ(a, σ ). • Regression(Knows(ϕ), a) = (g→Knows(g→ϕ)) ∧ (¬g→Knows(¬g→ϕ)) does not hold in σ implies that either (i) (g→Knows(g→ϕ)) does not hold in σ or (ii) (¬g→Knows(¬g→ϕ)) does not hold in σ . Let us assume that g→Knows(g→ϕ) does not hold in σ , i.e., (i) holds. This means that g holds in σ but Knows (g→ϕ) does not. So, there exists a state s ′ in Σ such that g ∈ s ′ and ϕ does not hold in s ′ or for every s ′ in Σ, g ∈ / s ′ . The first case implies that Knows (ϕ) does not hold in Φ(a, σ ). The second case is impossible because σ is a grounded c-state. Thus if (i) holds then Knows (ϕ) does not hold in Φ(a, σ ). Similarly, if (ii) holds, we can show that Knows (ϕ) does not hold in Φ(a, σ ). 
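The two regression cases analysed above (non-sensing actions acting on literals, and sensing actions acting on Knows formulas) have a direct operational reading. The following is a minimal Python sketch of a single regression step, under the assumptions that formulas are nested tuples such as ("and", ...), ("or", ...), ("not", f), ("->", a, b) and ("knows", phi), that the ef-propositions of D are given as (action, effect_literal, precondition) triples, and that each sensing action determines a single fluent (the multi-fluent case of footnote 12 is omitted); all identifiers are illustrative.

    def regress_literal(f, a, ef_props, sensing):
        # Regression(f, a) for a fluent literal f
        if a in sensing:                        # sensing actions do not change the world
            return f
        neg = f[1] if isinstance(f, tuple) and f[0] == "not" else ("not", f)
        pos_pre = [p for (act, eff, p) in ef_props if act == a and eff == f]
        neg_pre = [p for (act, eff, p) in ef_props if act == a and eff == neg]
        persists = ("and", f, *[("not", p) for p in neg_pre])
        return ("or", *pos_pre, persists)

    def regress_knows(phi, a, ef_props, sensing):
        # Regression(Knows(phi), a)
        if a not in sensing:
            return ("knows", regress(phi, a, ef_props, sensing))
        g = sensing[a]                          # the fluent sensed by a
        return ("and",
                ("->", g, ("knows", ("->", g, phi))),
                ("->", ("not", g), ("knows", ("->", ("not", g), phi))))

    def regress(phi, a, ef_props, sensing):
        # push regression through conjunction and disjunction
        if isinstance(phi, tuple) and phi[0] in ("and", "or"):
            return (phi[0], *[regress(p, a, ef_props, sensing) for p in phi[1:]])
        if isinstance(phi, tuple) and phi[0] == "knows":
            return regress_knows(phi[1], a, ef_props, sensing)
        return regress_literal(phi, a, ef_props, sensing)

    # Door example: flip_lock toggles `locked`.
    ef_props = [("flip_lock", "locked", ("not", "locked")),
                ("flip_lock", ("not", "locked"), "locked")]
    print(regress("locked", "flip_lock", ef_props, sensing={}))
    # -> ('or', ('not', 'locked'), ('and', 'locked', ('not', 'locked')))
    #    i.e. after flip_lock, locked holds exactly when it was false before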
The lemma follows from the above two cases. ✷ Lemma D.4. For a c-formula ϕ ∗ , an action a, and a grounded c-state σ = hs, Σi such that a is executable in every state belonging to Σ, • if σ |= Regression(ϕ ∗ , a) then Φ(a, σ ) |= ϕ ∗ ; and • if σ 6|= Regression(ϕ ∗ , a) then Φ(a, σ ) 6|= ϕ ∗ . Proof. Follows from Lemmas D.3 and the fact that each c-formula ϕ ∗ can be WnD.2 and ∗ represented by a disjunction i=1 ϕi where ϕi∗ is a conjunction of fluent literals and kformulas of the form Knows(̺) for some fluent formula ̺. ✷ Lemma D.5. Let ϕ be a c-formula and c be a conditional plan. Then, Regression(ϕ, c) is a c-formula. Proof. The proof is done inductively over count(c), the number of case plans in c. The base case, c is a sequence of actions, follows immediately from items (1)–(4) and the first two sub-items of item (5) of the definition of the regression formulas. The inductive step follows from inductive hypothesis and the last two sub-items of item (5) of the definition of the regression formulas. ✷ 12 The proof for the case when a senses more than one fluent g , . . . , g is similar and is omitted here. n 1 86 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Lemma D.6. For a c-formula ϕ, an action sequence α, and a grounded c-state σ such that α is executable in every grounded c-state σ ′ = hs ′ , Σ ′ i where Σ ′ ⊆ Σ, b σ ) |= ϕ; and • if σ |= Regression(ϕ, α) then Φ(α, b σ ) 6|= ϕ. • if σ 6|= Regression(ϕ, α) then Φ(α, Proof. Induction over |α|, the length of α. b σ) = Base case: |α| = 0, i.e., α = []. Then, we have that Regression(ϕ, []) = ϕ and Φ([], σ . The lemma is trivial. (Notice that for |α| = 1, the lemma follows from Lemma D.4.) The base case is proved. Inductive step: Assume that we have proved the lemma for |α| = n. We need to prove the lemma for |α| = n + 1. Let α = β; a. Then, we have that |β| = n. We have that Regression(ϕ, β; a) = Regression(ϕ, β; a) = (Regression(ϕ, a), β). By inductive hypothesis we have that: b σ ) |= Regression(ϕ, a). Thus, by Lemma D.4, • If σ |= Regression(ϕ, α) then Φ(β, b b Φ(a, Φ(β, σ )) |= ϕ, i.e., Φ(α, σ ) |= ϕ. b σ ) 6|= Regression(ϕ, a). Again, by Lemma D.4, • If σ 6|= Regression(ϕ, α) then Φ(β, b b σ ) 6|= ϕ. we have that Φ(a, Φ(β, σ )) 6|= ϕ, i.e., Φ(α, Lemma D.7. For a c-formula ϕ, a grounded c-state σ = hs, Σi, and a conditional plan c such that c is executable in every c-state σ ′ = hs ′ , Σ ′ i where Σ ′ ⊆ Σ, b σ ) |= ϕ; and • if σ |= Regression(ϕ, c) then Φ(c, b σ ) 6|= ϕ. • if σ 6|= Regression(ϕ, c) then Φ(c, Proof. As in previous proofs related to conditional plans, we assume that c is a sequence of conditional plans c1 ; . . . ; cn where ci is either a sequence of actions or a case plan and for every i < n if ci is a sequence of actions then ci+1 is a case plan. We prove the lemma by induction over count(c), the number of case plans in c. Base case: count(c) = 0. Then, c is a sequence of actions. The base case follows from Lemma D.6. Inductive step: Assume that we have proved the lemma for count(c) 6 k. We need to prove the lemma for count(c) = k + 1. By construction of c, we have two cases: Case 1: cn is a case plan of the form Case ϕ1 → p1 .. . ϕl → pl Endcase Let c′ = c1 ; . . . ; cn−1 . We have that Regression(ϕ, c′ ; cn ) = Regression(Regression(ϕ, cn ), c′ ). Since count(c) = count(c′ ) + count(cn ) and count(cn ) > 1, we have that count(c′ ) 6 k. Furthermore, by Lemma D.5, we have that Regression(ϕ, cn ) is a c-formula. Consider two cases: T.C. Son, C. 
Baral / Artificial Intelligence 125 (2001) 19–91 87 Case 1.1: σ |= Regression(ϕ, c). By inductive hypothesis (for Regression(ϕ, cn ), σ , and b ′ , σ ) |= Regression(ϕ, cn ). c′ ), we have that Φ(c ′ b Let δ = Φ(c , σ ). Since c is executable in σ we conclude that there exists some j (1 6 j 6 l) such that δ |= Knows (ϕj ) and δ 6|= Knows (ϕi ) for i 6= j . This, together W with the fact that Regression(ϕ, cn ) = li=1 (Knows (ϕi ) ∧ Regression(ϕ, pi )), implies that δ |= Knows (ϕj ) ∧ Regression(ϕ, pj ). Hence, δ |= Regression(ϕ, pj ). Applying the b j , δ) |= ϕ. inductive hypothesis one more time (for ϕ, δ, and pj ), we can conclude that Φ(p b ′ , σ )) = Φ(p b j , δ), we have that b n , Φ(c Since Φ(c b ′ , σ )) |= ϕ, b n , Φ(c Φ(c b σ ) |= ϕ. i.e., Φ(c, (1) b ′ , σ )) 6|= ϕ, b n , Φ(c Φ(c b σ ) 6|= ϕ. i.e., Φ(c, (2) Case 1.2: σ 6|= Regression(ϕ, c). Again, by inductive hypothesis (for Regression(ϕ, cn ), b ′ , σ ) 6|= Regression(ϕ, cn ). σ , and c′ ), we have that Φ(c ′ b , σ ). Since c is executable in σ we conclude that there exists some j Let δ = Φ(c (1 6 j 6 l) such that δ |= Knows (ϕj ) and δ 6|= Knows (ϕi ) for i 6= j . This, together W with the fact that Regression(ϕ, cn ) = li=1 (Knows (ϕi ) ∧ Regression(ϕ, pi )), implies that δ 6|= Knows (ϕj ) ∧ Regression(ϕ, pj ). Hence, δ 6|= Regression(ϕ, pj ). Applying the b j , δ) 6|= ϕ. Since inductive hypothesis one more time (for ϕ, δ, and pj ), we have that Φ(p b ′ , σ )) = Φ(p b j , δ), we have that b n , Φ(c Φ(c The inductive step for case 1 follows from (1) and (2). Case 2: cn is a sequence of actions. Let c′ = c1 ; . . . ; cn−1 . We have that Regression(ϕ, c′ ; cn ) = Regression(Regression(ϕ, cn ), c′ ). It follows from Observation 3.1 that cn−1 is a case plan. By case 1 and the inductive hypothesis, (for Regression(ϕ, cn ), σ , and c′ ), we have that: b ′ , σ ) |= Regression(ϕ, cn ). Then, by Lemma D.6 • If σ |= Regression(ϕ, c) then Φ(c ′ b n , Φ(c b ′ , σ )) |= ϕ, i.e., Φ(c, b σ ) |= b , σ ), and cn ), we can conclude that Φ(c (for ϕ, Φ(c ϕ. b ′ , σ ) 6|= Regression(ϕ, cn ). Again, by Lemma D.6, • If σ 6|= Regression(ϕ, c) then Φ(c ′ b b σ ) 6|= ϕ. b we have that Φ(cn , Φ(c , σ )) 6|= ϕ, i.e., Φ(c, This proves the inductive step and hence, the lemma is proved. ✷ We now prove Proposition 8. Proposition 8. Given a domain description D, let ϕ be a c-formula, and σ1 , . . . , σn be the set of grounded initial c-states of D, and c be a conditional plan that is executable in all the grounded initial c-states of D. Then, b σj ) |= ϕ. ∀i, 1 6 i 6 n, σi |= Regression(ϕ, c) iff ∀j, 1 6 j 6 n, Φ(c, Proof. Let σi = hs, Σi be a grounded initial c-state of D. It is easy to see that each grounded c-state hs ′ , Σ ′ i where Σ ′ ⊆ Σ is also a grounded initial c-state of D. Thus, by the first item of Lemma D.7, we have that b σj ) |= ϕ. if σi |= Regression(ϕ, c) then Φ(c, (1) 88 T.C. Son, C. Baral / Artificial Intelligence 125 (2001) 19–91 Using the second item of Lemma D.7, we can prove that b σj ) |= ϕ then σi |= Regression(ϕ, c). if Φ(c, (2) The conclusion of the lemma follows from the fact that (1) and (2) hold for every i, 1 6 i 6 n. ✷ Appendix E. Overview of nested circumscription Nested Abnormality Theories (NATs) is a novel circumscription [32,39] technique introduced by Lifschitz [33]. 
With NATs it is possible to circumscribe several predicates, each with respect to only part of the theory of interest, as opposed to previous techniques such as parallelized and prioritized circumscription, where the circumscription must be done with respect to all of the axioms in the underlying theory. Furthermore, all the complications arising from the interaction of multiple circumscription axioms in a theory are avoided in NATs with the introduction of blocks. A block is characterized by a set of axioms A1, ..., An—possibly containing the abnormality predicate Ab—which 'describe' a set of predicate/function constants C1, ..., Cm. The notation for such a theory is

{C1, ..., Cm : A1, ..., An},     (E.1)

where each Ai may itself be a block of form (E.1). The 'description' of C1, ..., Cm by a block may depend on other descriptions in embedded blocks. Interference between circumscriptions in different blocks is prevented by replacing the predicate Ab with an existentially quantified variable. Lifschitz's idea is to make Ab 'local' to the block where it is used, since abnormality predicates play only an auxiliary role, i.e., the interesting consequences of the theory are those which do not contain Ab. The formal definitions of these concepts, taken from [33], follow.

Let L be a second-order language which does not include Ab. For every natural number k, let Lk be the language obtained by adding the k-ary predicate constant Ab to L. {C1, ..., Cm : A1, ..., An} is a block if each C1, ..., Cm is a predicate or a function constant of L, and each A1, ..., An is a formula of Lk or a block. A Nested Abnormality Theory is a set of blocks. The semantics of NATs is characterized by a mapping ϕ from blocks into sentences of L. If A is a formula of language Lk, then ϕA stands for the universal closure of A; otherwise

ϕ{C1, ..., Cm : A1, ..., An} = (∃ab) F(ab),

where

F(Ab) = CIRC[ϕA1 ∧ ··· ∧ ϕAn; Ab; C1, ..., Cm].

Recall that CIRC[T; P; Q] means circumscription of the theory T, minimizing the predicates in P and varying the objects in Q. For any NAT T, ϕT stands for {ϕA | A ∈ T}. A model of T is a model of ϕT in the sense of classical logic. A consequence of T is a sentence φ of language L that is true in all models of T. In this paper, as suggested in [33], we use the abbreviation

{C1, ..., Cm, min P : A1, ..., An}

to denote blocks of the form

{C1, ..., Cm, P : P(x) ⊃ Ab(x), A1, ..., An}.

As the notation suggests, this type of block is used when it is necessary to circumscribe a particular predicate P in a block. In [33] it is shown that ϕ{C1, ..., Cm, min P : A1, ..., An} is equivalent to the formula CIRC[A1 ∧ ··· ∧ An; P; C1, ..., Cm] when each Ai is a sentence.

References

[1] C. Baral, Reasoning about actions: Non-deterministic effects, constraints and qualification, in: Proc. IJCAI-95, Montreal, Quebec, 1995, pp. 2017–2023.
[2] C. Baral, M. Gelfond, Representing concurrent actions in extended logic programming, in: Proc. IJCAI-93, Chambéry, France, 1993, pp. 866–871.
[3] C. Baral, M. Gelfond, Reasoning about effects of concurrent actions, J. Logic Programming 31 (1–3) (1997) 85–117.
[4] C. Baral, M. Gelfond, A. Provetti, Representing actions: Laws, observations and hypothesis, J. Logic Programming 31 (1–3) (1997) 201–243.
[5] C. Baral, A. Gabaldon, A. Provetti, Formalizing narratives using nested circumscription, Artificial Intelligence 104 (1–2) (1998) 107–164.
[6] A. Barrett, K. Golden, J. Penberthy, D. Weld, UCPOP User's Manual, Version 2.0, Technical Report 93-0906, Department of Computer Science and Engineering, University of Washington, Seattle, WA, 1993.
[7] F. Bacchus, J. Halpern, H. Levesque, Reasoning about noisy sensors in the situation calculus, in: Proc. IJCAI-95, Montreal, Quebec, 1995, pp. 1933–1940.
[8] C. Baral, V. Kreinovich, R. Trejo, Planning and approximate planning in presence of incompleteness, in: Proc. IJCAI-99, Stockholm, Sweden, 1999, pp. 948–953.
[9] C. Baral, T. Son, Formalizing sensing actions: A transition function based approach, Technical Report, Department of Computer Science, University of Texas at El Paso, TX, 1998, http://cs.utep.edu/chitta/chitta.html.
[10] Y. Dimopoulos, B. Nebel, J. Koehler, Encoding planning problems in non-monotonic logic programs, in: Proc. European Conference on Planning, 1997, pp. 169–181.
[11] O. Etzioni, S. Hanks, D. Weld, D. Draper, N. Lesh, M. Williamson, An approach to planning with incomplete information, in: Proc. Internat. Conference on the Principles of Knowledge Representation and Reasoning (KR-92), Cambridge, MA, 1992, pp. 115–125.
[12] E. Erdem, V. Lifschitz, Transformations of logic programs related to causality and planning, in: Proc. 5th International Conference on Logic Programming and Non-monotonic Reasoning, 1999.
[13] E. Erdem, Application of logic programming to planning: Computational experiments; draft (http://www.cs.utexas.edu/tag).
[14] R. Fagin, J. Halpern, Y. Moses, M. Vardi, Reasoning about Knowledge, MIT Press, Cambridge, MA, 1995.
[15] R. Goldman, M. Boddy, Representing uncertainty in simple planners, in: Proc. Internat. Conference on the Principles of Knowledge Representation and Reasoning (KR-94), Bonn, Germany, 1994, pp. 238–245.
[16] R. Goldman, M. Boddy, Expressive planning and explicit knowledge, in: Proc. AIPS-96, 1996, pp. 110–117.
[17] M. Gelfond, Strong introspection, in: Proc. AAAI-91, Anaheim, CA, 1991, pp. 386–391.
[18] K. Golden, O. Etzioni, D. Weld, Planning with execution and incomplete informations, Technical Report TR96-01-09, Department of Computer Science, University of Washington, Seattle, WA, February 1996.
[19] E. Giunchiglia, G. Kartha, V. Lifschitz, Representing action: Indeterminacy and ramifications, Artificial Intelligence 95 (1997) 409–443.
[20] M. Gelfond, V. Lifschitz, Representing actions in extended logic programs, in: Proc. Joint International Conference and Symposium on Logic Programming, 1992, pp. 559–573.
[21] M. Gelfond, V. Lifschitz, Representing actions and change by logic programs, J. Logic Programming 17 (2–4) (1993) 301–323.
[22] K. Golden, Planning and knowledge representation for softbots, Ph.D. Thesis, University of Washington, Seattle, WA, November 1997.
[23] K. Golden, D. Weld, Representing sensing actions: The middle ground revisited, in: Proc. Internat. Conference on the Principles of Knowledge Representation and Reasoning (KR-96), Cambridge, MA, 1996, pp. 174–185.
[24] L. Haas, A syntactic theory of belief and action, Artificial Intelligence 28 (1986) 245–292.
[25] G. Kartha, Soundness and completeness theorems for three formalizations of action, in: Proc. IJCAI-93, Chambéry, France, 1993, pp. 724–729.
[26] G. Kartha, V. Lifschitz, Actions with indirect effects: Preliminary report, in: Proc. Internat. Conference on the Principles of Knowledge Representation and Reasoning (KR-94), Bonn, Germany, 1994, pp. 341–350.
[27] H. Kautz, D. McAllester, B. Selman, Encoding plans in propositional logic, in: Proc. Internat. Conference on the Principles of Knowledge Representation and Reasoning (KR-96), Cambridge, MA, 1996, pp. 374–384.
[28] K. Krebsbach, D. Olawsky, M. Gini, An empirical study of sensing and defaulting in planning, in: Proc. 1st Conference of AI Planning Systems, 1992, pp. 136–144.
[29] H. Kautz, B. Selman, Planning as satisfiability, in: Proc. ECAI-92, Vienna, Austria, 1992, pp. 359–363.
[30] H. Kautz, B. Selman, Unifying SAT-based and graph-based planning, in: Proc. IJCAI-99, Stockholm, Sweden, 1999, pp. 318–325.
[31] H. Levesque, What is planning in the presence of sensing?, in: Proc. AAAI-96, Portland, OR, 1996, pp. 1139–1146.
[32] V. Lifschitz, Circumscription, in: D.M. Gabbay, C.J. Hogger, J.A. Robinson (Eds.), The Handbook of Logic in AI and Logic Programming, Vol. 3, Oxford University Press, Oxford, 1994, pp. 298–352.
[33] V. Lifschitz, Nested abnormality theories, Artificial Intelligence 74 (1995) 351–365.
[34] V. Lifschitz, Two components of an action language, Ann. Math. Artificial Intelligence 21 (2–4) (1997) 305–320.
[35] F. Lin, Embracing causality in specifying the indirect effects of actions, in: Proc. IJCAI-95, Montreal, Quebec, 1995, pp. 1985–1993.
[36] F. Lin, R. Reiter, State constraints revisited, J. Logic Comput. 4 (5) (1994) 655–678.
[37] F. Lin, Y. Shoham, Concurrent actions in the situation calculus, in: Proc. AAAI-92, San Jose, CA, 1992, pp. 590–595.
[38] J. Lobo, S. Taylor, G. Mendez, Adding knowledge to the action description language A, in: Proc. AAAI-97, Providence, RI, 1997, pp. 454–459.
[39] J. McCarthy, Applications of circumscription to formalizing common sense knowledge, Artificial Intelligence 26 (3) (1986) 89–116.
[40] R. Moore, Reasoning about knowledge and action, Ph.D. Thesis, MIT, Cambridge, MA, 1979.
[41] R. Moore, A formal theory of knowledge and action, in: J. Hobbs, R. Moore (Eds.), Formal Theories of the Commonsense World, Ablex, Norwood, NJ, 1985.
[42] R. Miller, M. Shanahan, Narratives in the situation calculus, J. Logic Comput. 4 (5) (1994) 513–530.
[43] N. McCain, H. Turner, A causal theory of ramifications and qualifications, in: Proc. IJCAI-95, Montreal, Quebec, 1995, pp. 1978–1984.
[44] L. Pryor, G. Collins, Planning for contingencies: A decision-based approach, J. AI Res. 4 (1996) 287–339.
[45] E. Pednault, ADL and the state-transition model of actions, J. Logic Comput. 4 (5) (1994) 467–513.
[46] M. Peot, D. Smith, Conditional non-linear planning, in: Proc. 1st Conference of AI Planning Systems, 1992, pp. 189–197.
[47] R. Reiter, The frame problem in the situation calculus: A simple solution (sometimes) and a completeness result for goal regression, in: V. Lifschitz (Ed.), Artificial Intelligence and Mathematical Theory of Computation, Academic Press, New York, 1991, pp. 359–380.
[48] R. Reiter, Knowledge in Action: Logical Foundation for Describing and Implementing Dynamical Systems, MIT Press, Cambridge, MA, 1998, Manuscript.
[49] R. Scherl, H. Levesque, The frame problem and knowledge producing actions, in: Proc. AAAI-93, Washington, DC, 1993, pp. 689–695.
[50] D. Smith, D. Weld, Conformant Graphplan, in: Proc. AAAI-98, Madison, WI, 1998.
[51] T.C. Son, Reasoning about sensing actions and its application to diagnostic problem solving, Ph.D. Thesis, University of Texas at El Paso, TX, 2000.
[52] H. Turner, Signed logic programs, in: Proc. 1994 International Symposium on Logic Programming, 1994, pp. 61–75.
[53] H. Turner, Representing actions in logic programs and default theories, J. Logic Programming 31 (1–3) (1997) 245–298.
[54] D. Weld, C. Anderson, D. Smith, Extending Graphplan to handle uncertainty and sensing actions, in: Proc. AAAI-98, Madison, WI, 1998, pp. 897–904.
[55] D. Weld, An introduction to least commitment planning, AI Magazine 15 (4) (1994) 27–61.