23. – 28. November 2014, Dagstuhl Seminar 14482

Automated Planning and Model Checking


Alessandro Cimatti (Bruno Kessler Foundation – Trento, IT)
Stefan Edelkamp (Universität Bremen, DE)
Maria Fox (King's College London, GB)
Erion Plaku (CUA – Washington, US)


Daniele Magazzeni (King's College London, GB)

1 / 2 >

Auskunft zu diesem Dagstuhl Seminar erteilt

Dagstuhl Service Team


Dagstuhl Report, Volume 4, Issue 11 Dagstuhl Report
Gemeinsame Dokumente
Programm des Dagstuhl Seminars [pdf]


In the area of formal methods, model checking deals with the problem of fully-automated property validation and correctness verification. Given a formal model of a system and a property specification, the task is to explore the state space and verify whether or not the property is satisfied by the model. In artificial intelligence, automated planning deals with the automatic generation of plans for achieving a goal. Given the description of the initial state, the goal state, and the set of possible actions, a planner uses heuristic search to look for a sequence of actions that transforms the initial state into the goal state.

There has been a lot of work on the exchanges between the two areas (automated planning and model checking), based on the observation that a model-checking problem can be cast as a planning problem, where the goal state is a state violating the property to be verified in the model-checking problem. Thus, if a plan is found by the planner, it corresponds to error trace that a model checker would return (this paradigm is called directed model checking). The link can also be exploited in the other way around, using a model checker to search the planning state space, stopping the search when a goal state is found (this paradigm is called planning via model checking).

The general aim of this Dagstuhl Seminar was to increase the synergy between the two research communities. This involved sharing views, thoughts and contributions across the following streams:

  • Techniques and Tools: During the seminar we considered the most recent advances in automated planning and model checking and explored the possibility of using recent planning tools (heuristic search, sampling-based motion-planning algorithms, symbolic search algorithms, ...) for system falsification (particularly in challenging domains such as hybrid systems) and for boosting the use of model checking systems for finding plans.
  • Modelling Languages: One of the goals of the seminar was to consider the family of PDDL languages and the formalisms for describing verification problems and discuss how to make the communication between the two areas easier, exploring the possibility of common languages or translation between existing formalisms.

There were a number of talks on "X" Modulo Theories, where "X" ranged from SAT and Search to Planning. These talks explored the relationship between generic solution methods and different proof systems, leading to discussions about the relative benefits of viewing problems from the perspectives of the different generic methods. This fostered an improved understanding of each other's perspectives and modelling approaches.

Discussions also focused on relationships between hybrid planning and hybrid model-checking. There were tutorials on the modelling languages used in the two paradigms, and their semantics, and the discrepancies between these led to lively discussion. In hybrid planning using PDDL, a key semantic issue is the use of epsilon time to separate inter-dependent actions, in order to prevent the planner from relying on synchronised activity. For example, if an action, A, achieves the precondition of another action, B, the validity of the plan depends on A being ordered strictly before B, by at least epsilon time. This is because the state following the co-occurrence of these two actions is indeterminate. The model-checking community does not require this epsilon. In hybrid model-checking a partial order on events is maintained, and there was an extended discussion about why planning forces an ordering using epsilon separation when this is not necessary in model-checking. From this discussion the following distinction emerged: model-checking simply requires there to be a single ordering of events that is consistent with the constraints, as this provides the required counter-example to the correctness of the model. In planning, by contrast, all orderings of events must be consistent with the constraints, requiring exponential work to check the validity of a partially ordered plan. Once this point was understood there was a greater common understanding between the planning and model-checking proponents, and greater appreciation of the crossover between modelling languages and methods.

Other topics covered by the contributed talks include:

  • directed model checking and falsification
  • plan validation
  • heap and other data structures
  • GPU-based state space exploration
  • hybrid systems
  • heuristic search
  • planning and verification on real-world scenarios

The program featured the following components:

  • On Monday we started with 7 tutorial-type introductory talks about plans validation, planning in hybrid systems through model checking, guided search for hybrid systems, falsification of hybrid systems through motion planning, planning via symbolic model checking, directed model checking of timed systems, heap implementations. The purpose of these tutorials was to familiarise members of the different communities with the basics of the other fields and with the existing synergies between the fields.
  • From Tuesday, each day featured one or two long talks plus a number of short talks, with enough time for discussion after each talk.
  • On Tuesday and Thursday afternoon we had two open discussion sessions.
  • Wednesday afternoon featured a hike.

A feature of this seminar was the very high level of engagement and interaction between the participants, leading to a lively and productive week. The decision not to formalise discussions into panels or break-out sessions proved to be a good one, allowing more flexible response to topics as they arose. Similarly, the decision to leave some of the talk slots open allowed spontaneous pursuit of ideas that came out of discussions. The mixture of long and short talks also encouraged this. The workshop ended on a high note, with many new ideas for collaboration having been identified.

  Creative Commons BY 3.0 Unported license
  Alessandro Cimatti and Stefan Edelkamp and Maria Fox and Daniele Magazzeni and Erion Plaku


  • Artificial Intelligence / Robotics
  • Verification / Logic


  • Model Checking
  • Automated Planning
  • State Explosion Problem
  • Heuristic Search
  • Symbolic Search
  • Motion Planning


Bücher der Teilnehmer 

Buchausstellung im Erdgeschoss der Bibliothek

(nur in der Veranstaltungswoche).


In der Reihe Dagstuhl Reports werden alle Dagstuhl-Seminare und Dagstuhl-Perspektiven-Workshops dokumentiert. Die Organisatoren stellen zusammen mit dem Collector des Seminars einen Bericht zusammen, der die Beiträge der Autoren zusammenfasst und um eine Zusammenfassung ergänzt.


Download Übersichtsflyer (PDF).


Es besteht weiterhin die Möglichkeit, eine umfassende Kollektion begutachteter Arbeiten in der Reihe Dagstuhl Follow-Ups zu publizieren.

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von
Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact separat aufgelistet  und im Erdgeschoss der Bibliothek präsentiert.