Compiling Causal Theories to Successor State Axioms and STRIPS-Like Systems

We describe a system for specifying the effects of actions. Unlike those commonly used in AI planning, our system uses an action description language that allows one to specify the effects of actions using domain rules, which are state constraints that can entail new action effects from old ones. Declaratively, an action domain in our language corresponds to a nonmonotonic causal theory in the situation calculus. Procedurally, such an action domain is compiled into a set of logical theories, one for each action in the domain, from which fully instantiated successor state-like axioms and STRIPS-like systems are then generated. We expect the system to be a useful tool for knowledge engineers writing action specifications for classical AI planning systems, GOLOG systems, and other systems where formal specifications of actions are needed.


Introduction
We describe a system for generating action effect specifications from a set of domain rules and direct action effect axioms, among other things. We expect the system to be a useful tool for knowledge engineers writing action specifications for classical AI planning systems, GOLOG systems (Levesque et al., 1997), and other systems where formal specifications of actions are needed.
To motivate, consider the language used by STRIPS (Fikes & Nilsson, 1971) for describing the effects of actions. Briefly speaking, an action is described in this language by a first-order formula, called its precondition that describes the condition under which the action is executable, an add list that enumerates the propositions that the action will make true when successfully executed in a situation, and a delete list that enumerates the propositions that the action will make false when successfully executed in a situation. While the original STRIPS allowed the precondition and the elements of the two lists to be complex formulas, STRIPS actions now refer only to those whose precondition is given by a conjunction of atomic formulas and whose add and delete lists are lists of atomic formulas. It is widely acknowledged that this language is inadequate for describing actions in the real world. One of the limitations, the one that we address in this paper, is that with the language, one has to enumerate all possible effects of an action, a difficult if not impossible task for complex domains. For example, given a large C program, it is hard to figure out the effects of changing the value of a pointer on the values of all other pointers in the program. However, the underlying principle is very simple: when the value of a pointer changes, the values of all other pointers that point to the same memory location change as well. Put another way, the direct effect of the action of changing the value of a pointer to x is that the value of the pointer will be x. The indirect or side effects of this action are those derived from the constraint which says that if two pointers point to a common location, then their values must be the same.
This idea of specifying the effects of actions using domain constraints is like "engineering from first principle", and has many advantages. First of all, constraints are action independent, and work on all actions. Secondly, if the effects of actions derived from domain constraints agree with one's expectation, then this will be a good indication that one has axiomatized the domain correctly. Finally, domain constraints can be used for other purposes as well. For instance, they can be used to check the consistency of the initial situation database. In general, when a set of sentences violates a domain constraint, we know that no legal situation can satisfy this set of sentences. This idea can and has been used in planning to prune impossible states. Recently, there have even been efforts at "reverse engineering" domain constraints from STRIPS-like systems to speed up planners (e.g. Zhang & Foo, 1997;Gerevini & Schubert, 1998;Fox & Long, 1998, and others).
While it is appealing to use domain constraints to derive the indirect effects of actions, making the idea work formally turned out to be a challenge. The problem is commonly known as the ramification problem, and various proposals have been made to solve it. Until recently, however, these proposals were at best of theoretical interest only because of their high computational complexity. The situation has since changed substantially due to the use of causality in representing domain constraints (Lin, 1995(Lin, , 1996McCain & Turner, 1995Thielscher, 1995Thielscher, , 1997Baral, 1995;Lifschitz, 1997, and others). What we will describe in this paper is an implemented system that builds on this recent work on causalitybased approaches to the ramification problem. Specifically, our system takes as input an action domain description where actions are described by their precondition axioms and direct effect axioms, and domain constraints are represented by what we call domain rules. The system returns as output a complete action specification both in STRIPS-like format and as a set of fully instantiated successor state axioms (Reiter, 1991). This paper is organized as follows. We begin by introducing our action description language. We then propose a procedure to compile an action domain specified in this language into a complete set of successor state axioms from which a STRIPS-like description is then extracted. We then show the soundness of this procedure with respect to a translation from action domain descriptions to situation calculus causal theories of Lin (1995). We next describe an implementation of this procedure, and present some experimental results. As one will see, one of the limitations of our system is that it is essentially propositional. While effect axioms and domain rules can have variables, they need to be fully instantiated during the compilation process. To partially overcome this limitation, we show some results that allow one to generalize the propositional output to the first-order case for certain classes of action domain descriptions. We then discuss some related work, and conclude this paper with some pointers for future work.

An Action Description Language
We assume a first-order language with equality. We shall call those predicates whose extensions may be changed by actions fluents, and those whose extensions are not changed by any actions static relations. We also call unary static relations types. By fluent atoms we mean those atomic formulas formed by fluents. An equality atom is one of the form u = v, where u and v are variables or constants, and an inequality constraint is one of the form u = v. Actions are represented by functions, and they are assumed to be the only functions with positive arities in the language.
Our action description language includes the following components.

Type Definitions
A type definition is specified by expressions of the following form: where p is a type, and a 1 , ..., a n are constants. The intuitive meaning of this expression is that the domain (extension) of the type p is the set {a 1 , ..., a n }. For instance, in the blocks world, we may have a type called block, and have, say, five blocks named numerically: Domain(block, {1, 2, 3, 4, 5}). In a logistics domain, we may have a type called loc for locations, and have, say, 3 locations l 1 , l 2 , and l 3 : Domain(loc, {l 1 , l 2 , l 3 }).

Primitive Fluent Definitions
Primitive fluents are defined by expressions of the following form: where f is an n-ary fluent, each p i , 1 ≤ i ≤ n, a type, and each e i , 1 ≤ i ≤ m, an inequality constraint of the form x j = x k , for some 1 ≤ j < k ≤ n. The intuitive meaning of this expression is that f (x 1 , ..., x n ) is a legal fluent atom if the second argument is true. For instance, in the blocks world, given the type definition Domain(block, {1, 2, 3}), the following fluent specification: would generate the following six legal fluent atoms: on(1, 2), on(1, 3), on(2, 1), on(2, 3), on(3, 1), on(3, 2).
Clearly, there should be exactly one fluent definition for each fluent.

Complex Fluent Definitions
Given a set of primitive fluents, one may want to define some new ones. For instance, in the blocks world, given the primitive fluent on, we can define clear in terms of on as: To specify complex fluents like clear, we first define fluent formulas as follows: • t 1 = t 2 is a fluent formula, where t 1 and t 2 are terms, i.e. either a constant in the domain of a type or a variable.
• f (t 1 , ..., t n ) is a fluent formula, where t 1 , ..., t n are terms, and f is either an n-ary primitive fluent, a complex fluent, or a static relation.
• If ϕ is a fluent formula, x a variable, and p a type, then ∀(x, p)ϕ (for all x of type p, ϕ holds) and ∃(x, p)ϕ (for some x of type p, ϕ holds) are fluent formulas. Notice that we require types to have finite domains, so these quantifications are really shorthands: If the domain of p is {a 1 , ..., a n }, then ∀(x, p)ϕ stands for ϕ(x/a 1 ) ∧ · · · ∧ ϕ(x/a n ), and ∃(x, p)ϕ stands for ϕ(x/a 1 ) ∨ · · · ∨ ϕ(x/a n ).
A complex fluent is then specified in our language by a pair of expressions of the following form: , where p i 's and e i 's are the same as in primitive fluent definitions, and ϕ a fluent formula that does not mention any complex fluents and whose free variables are among x 1 , ..., x n . The first expression specifies the syntax and the second the semantics of the complex fluent.
For instance, the complex fluent clear in the blocks world can be specified as: Defined(clear(x), ¬∃(y, block)on(y, x)).

Static Relation Definitions
As we mentioned, a static relation is one that is not changed by any action in the domain. For instance, in the robot navigation domain, we may have a proposition connected(d, r1, r2) meaning that door d connects rooms r1 and r2. The truth value of this proposition cannot be changed by the navigating robot that just rolls from room to room. In our language, a static relation is defined by an expression of the following form: where g is an n-ary predicate, and p i 's and e i 's are the same as in primitive fluent definitions. The meaning of this expression is similar to a fluent definition, and there should be exactly one definition for each static relation.

Domain Axioms
Domain axioms are constraints on static relations. For instance, for the static proposition connected(d, r1, r2), we may want to impose the following constraint: connected(d, r1, r2) ≡ connected (d, r2, r1). In our language, domain axioms are specified by expressions of the form: where ϕ is a fluent formula that does not mention any fluents, i.e. it mentions only static relations and equality. For instance, the above constraint on connected is written as: where door and room are types.

Action Definitions
Actions are defined by expressions of the following form: where a is an n-ary action, and p i 's and e i 's are the same as in primitive fluent definitions. For instance, in the blocks world, given the type definition Domain(block, {1, 2, 3}), the following action specification: would generate the following six action instances: stack(1, 2), stack(1, 3), stack(2, 1), stack(2, 3), stack(3, 1), stack(3, 2).
There should be exactly one action definition for each action.

Action Precondition Definitions
Action precondition definitions are specified by expressions of the following form: where a is an n-ary action, ϕ is a fluent formula whose free variables are among x 1 , ..., x n . There should be exactly one precondition definition for each action. For instance, in the blocks world, we may have: which says that for the action stack(x, y) to be executable in a situation, clear(x), clear(y), and ontable(x) must be true in it.

Action Effect Specifications
Action effects are specified by expressions of the following form: Effect(a(x 1 , ..., x n ), ϕ, f (y 1 , ..., y k )), or of the form: Effect(a(x 1 , ..., x n ), ϕ, ¬f (y 1 , ..., y k )), where ϕ is a fluent formula, and f a primitive fluent. The intuitive meaning of these expressions is that if ϕ is true in the initial situation, then action a(x 1 , ..., x n ) will cause f (y 1 , ..., y k ) to be true (false). For instance, in the blocks world, action stack(x, y) causes x to be on y: Effect(stack(x, y), true, on(x, y)).
For an example of a context dependent effect, consider action drop(x) that breaks an object only if it is fragile: Effect(drop(x), f ragile(x), broken(x)).
Notice here that the fluent formula ϕ in the action effect specifications can have variables that are not in x 1 , ..., x n , y 1 , ..., y k . Informally, all the variables are supposed to be "universally quantified." More precisely, when these expressions are instantiated, one can substitute any objects for these variables, provided the resulting formulas are well-formed. For instance, given the action effect specification Effect(move(x), g(x 1 ) ∧ q(x 1 , x 2 ), f (y)), one can instantiate it to: Effect(move(a), g(b) ∧ q(b, c), f (d)), as long as move(a) is a legal action (according to the action definition for move) and g(b), q(b, c), and f (d) are legal fluent atoms (according to the fluent definitions for g, q, and f ).

Domain Rules
Domain rules are specified by expressions of the following form: Causes(ϕ, f (x 1 , ..., x n )), or of the following form: Causes(ϕ, ¬f (x 1 , ..., x n )), where ϕ is a fluent formula, and f a primitive fluent. Like action effect specifications, ϕ here can have variables that are not in x 1 , ..., x n . The intuitive meaning of a domain rule is that in any situation, if ϕ holds, then the fluent atom f (x 1 , ..., x n ) will be caused to be true. A domain rule is stronger than material implication. Its formal semantics is given by mapping it to a causal rule of Lin (1995) (see Section 4), thus the name "causes". For instance, in the blocks world, a block can be on only one other block: Causes(on(x, y) ∧ y = z, ¬on(x, z)).
In a logistics domain, one may want to say that if a package is inside a truck which is at location l, then the package is at location l as well: Causes(in(x, y) ∧ at(y, l), at(x, l)).

Action Domain Descriptions
The following definition sums up our action description language: Definition 1 An action domain description is a set of type definitions, primitive fluent definitions, complex fluent definitions, static proposition definitions, domain axioms, action definitions, action precondition definitions, action effect specifications, and domain rules.

A Procedural Semantics
Given an action domain description D, we use the following procedure called CCP (Causal Completion Procedure) to generate a complete action effect specification: 1. Use primitive and complex fluent definitions to generate all legal fluent atoms. In the following let F be the set of fluent atoms so generated.
2. Use action definitions to generate all legal action instances, and for each such action instance A do the following.
2.1. For each primitive fluent atom F ∈ F, collect all ground instances 1 of A's positive effects: Effect(A, ϕ 1 , F ), · · · , Effect(A, ϕ n , F ), all ground instances of A's negative effects: all ground instances of positive domain rules: all ground instances of negative domain rules: Causes(φ 1 , ¬F ), · · · , Causes(φ l , ¬F ), and generate the following pseudo successor state axiom; where for any fluent formula ϕ, init(ϕ) is the formula obtained from ϕ by replacing every fluent atom f in ϕ by init(f ), and similarly succ(ϕ) is the formula obtained from ϕ by replacing every fluent atom f in ϕ by succ(f ). Intuitively, init(f ) means that f is true in the initial situation, and succ(f ) that f is true in the successor situation of performing action A in the initial situation.

Let
Succ be the set of pseudo successor state axioms, one for each primitive fluent F , generated by the last step, Succ1 the following set of axioms: and Init the following set of axioms: For each fluent atom F , if there is a formula Φ F such that and Φ F does not mention propositions of the form succ(f ), then output the axiom Otherwise, the action A's effect on F is indeterminate. In this case, output two axioms: where α F is a strongest formula satisfying the first implication, and β F a weakest formula satisfying the second implication. In the following, to be explicit about the action A for which we are computing its effects, we will write the axioms as Succ A , Init A , and Succ1 A .
Conceptually, Step 2.1 in the above procedure is most significant. In the next section, we shall prove that this step is provably correct under a translation to the situation calculus causal theories of Lin (1995). Computationally, Step 2.2 is the most expensive. We shall describe the strategies that our system uses to implement it in Section 5.
For this procedure to work properly, the action domain description should satisfy the following conditions. 1. We require that all fluent atoms in Init, Succ, and Succ1 be among those generated in Step 1. This would rule out cases like together with Defined(clear(x), ¬∃(y, block)on(y, x)), as the latter would generate fluent atoms of the form on(x, x) which are ruled out by the fluent definition for on.
Here one could either drop the inequality constraint in the definition of on or change the complex fluent definition into Defined(clear(x), ¬∃(y, block)(on(y, x) ∧ x = y)). We could have built in a test in our procedure above to reject an action domain description with incoherent fluent definitions like this. One easy way of making sure this does not happen is not to use inequality constraints in the definition of fluents.
2. As we mentioned above, for each action there should be exactly one action precondition that captures exactly the conditions under which the action is executable. When the action precondition is given explicitly like this, one needs to be careful in writing action effect axioms and domain rules so that no contradictory effects would be generated. For instance, given P recond(A, true), the action effect axioms Effect(A, true, F ) and Effect(A, true, ¬F ) are clearly not realizable simultaneously. Similarly, if Causes(true, F ) is given as a domain rule, then one should not write the effect axiom Effect(A, true, ¬F ). Had we not insisted that A be always executable, we could simply conclude that A is not executable when its effect axioms are in contradiction or when some of its effect axioms contradict domain rules. It remains future work to extend our procedure to allow for automatic generation of these implicitly given action preconditions. For now, we shall assume that the given action domain specification is consistent in the sense that for each action instance A generated in Step 1, the following theory 3. On a related point, our procedure assumes that information about the initial situation is given by Init. In particular, action effect axioms should not entail any information about the initial situation. For instance, given Causes(q, ¬p), Effect(A, true, p), and P recond(A, true), it must be that in the initial situation, q cannot be true, for otherwise, it will persist into the next situation, causing p to be false, which contradicts the action effect. Formally, this means that given any set I of atoms of the form init(f ), where f is a primitive fluent atom, if I ∪ I − ∪ Init is consistent, then I ∪I − ∪Succ∪Succ1 is also consistent, where I − , the complement of I, is the following set: f is a primitive fluent atom generated by Step 1} Notice that for a similar reason, Reiter needed what he called the consistency assumption in order for his completion procedure to be sound and complete for generating successor state axioms (Reiter, 1991).
While our action domain descriptions are clearly targeted at specifying deterministic actions, some indeterminate effects can sometimes arise from cyclic domain rules. For instance, consider the following action domain description: For action A, Init is a tautology, Succ1 is empty, and Succ consists of the following pseudosuccessor state axiom for p: which is equivalent to init(p) ⊃ succ(p). So if initially p is true, then after A is performed, we know that p will continue to be true. But if p is initially false, then after A is performed, we do not know if p is true or not.
• As one can see, our CCP procedure crucially depends on the fact that each type has a finite domain so that all reasoning can be done in propositional logic. This is a limitation of our current system, and this limitation is not as bad as one might think. First of all, typical planning problems all assume finite domains, and changing the domain of a type in an action description is easy -all one needs to do is to change the corresponding type definition. More significantly, a generic action domain description can often be obtained from one that assumes a finite domain. In our blocks world example, the numbers "1", "2", and "3" are generic names, and can be replaced by parameters. For instance, if we replace "1" by x and "2" by y in the above STRIPSlike description of stack(1, 2), we will get a STRIPS-like description for stack(x, y) that works for any x and y. We have found that this is a strategy that often works in planning domains.

Formal Semantics
The formal semantics of an action domain description is defined by translating it into a situation calculus causal theory of Lin (1995). We shall show that the procedure CCP given above is sound under this semantics. This section is mainly for those who are interested in nonmonotonic action theories. For those who are interested only in using our action description language for describing action domains, this section can be safely skipped.
We first briefly review the language of the situation calculus.

Situation Calculus
The language of the situation calculus is a many sorted first-order language. We assume the following sorts: situation for situations, action for actions, fluent for propositional fluents, truth-value for truth values true and f alse, and object for everything else. We use the following domain independent predicates and functions: • Binary function do -for any action a and any situation s, do(a, s) is the situation resulting from performing a in s.
• Binary predicate H -for any p and any situation s, H(p, s) is true if p holds in s.
• Binary predicate P oss -for any action a and any situation s, P oss(a, s) is true if a is possible (executable) in s.
• Ternary predicate Caused -for any fluent atom p, any truth value v, and any situation s, Caused(p, v, s) is true if the fluent atom p is caused (by something unspecified) to have the truth value v in the situation s.
In the last section, we introduced fluent formulas. We now extend H to these formulas: for any fluent formula ϕ and situation s, H(ϕ, s) is defined as follows: • if P is a static proposition, then H(P, s) is P .
, and similarly for other connectives.
According to this definition, H(ϕ, s) will be expanded to a situation calculus formula where H is applied to fluents.

A Translation to the Situation Calculus
Given a first-order language L for writing action domain descriptions, we assume that there will be a corresponding language L for the situation calculus such that constants in L will be constants of sort object in L , types in L will be types (unary predicates) in L , static relations will be predicates of the same arities in L , fluents in L will be functions of sort f luent in L , and actions in L will be functions of sort action in L . Under these conventions, the following translation will map an action domain description to a situation calculus theory. Let D be an action domain description. The translation of D into a situation calculus theory is defined as follows: • a type definition Domain(p, {a 1 , ..., a k }) is translated to: • a primitive fluent definition • a complex fluent definition • a domain axiom about static propositions:
We assume here that the domain description has only one action definition for each action.
• An action precondition axiom where ξ is the list of all free variables in a(x 1 , ..., x n ) and ϕ. We mentioned earlier that one of the limitations of our current system is that action preconditions have to be given explicitly. This is reflected in the above translation.
• A domain rule of the form where ξ is the list of all free variables in f (x 1 , ..., x n ) and ϕ. Similarly, a domain rule of the form Causes(ϕ, ¬f (x 1 , ..., x n )) is translated to Now given an action domain description D, let T be its translation in the situation calculus. The semantics of T is then determined by its completion comp(T ) that is defined as the set of following sentences: 1. The circumscription of Caused in T with all other predicates fixed.
2. The following basic axioms about Caused that says that if a fluent atom is caused to be true (false), then it is true (false): Caused(p, true, s) ⊃ Holds(p, s), Caused(p, f alse, s) ⊃ ¬Holds(p, s).
3. For the truth values, the following unique names and domain closure axiom: 4. The unique names assumptions for fluents and actions. Specifically, if F 1 ,..., F n are all the fluents, then we have: Similarly for actions.
6. The foundational axioms (Lin & Reiter, 1994b) for the discrete situation calculus. These axioms characterize the structure of the space of situations. For the purpose of this paper, it is enough to mention that they include the following unique names axioms for situations: do(a, s) = do(a , s ) ⊃ (a = a ∧ s = s ).
The following theorem shows that the procedural semantics given in the previous section is sound with respect to the semantics given here.
Theorem 1 Let D be an action domain description, and T its translation in the situation calculus. Let A be any ground action instance, s a situation variable, and ϕ(s) a situation calculus formula that satisfies the following two conditions (1) it contains at most the two situation terms s and do(A, s); and (2) if where Init, Succ, and Succ 1 are the sets of axioms generated for A according to the procedure in Section 3 Proof: Suppose S is a situation and M is a model of comp(T ) ∪ {P oss(A, S)}. Construct M S,A as follows: • the domain of M S,A is the object domain of M .
• the interpretations of non-situational function and predicate symbols in M S,A are the same as those in M .
• for any fluent atom f , Clearly, M |= ϕ(S) iff M S,A |=φ. We show below that M S,A is a model of the left hand side of (7). From this, we see that if (7), then (6). Notice first that a ground fluent atom F is generated by the procedure CCP iff Fluent(F ) is true in M . Notice also that all fluent atoms in Init ∪ Succ ∪ Succ 1 must be generated by the procedure.
We show first that M S,A is a model of Init: 1. If Axiom(ψ) is a domain axiom, then ψ is in T . Thus M satisfies ψ. Since ψ has no fluent symbols in it, M S,A satisfies it too.
2. If Causes(ψ, f (x 1 , ..., x n )) is a domain rule, then Thus if init(ψ ) ⊃ init(F ) is a corresponding formula in Init, where ψ and F is some ground instantiation of ψ and f (x 1 , ..., x n ), respectively, then Fluent(F ) must be true in M (otherwise the above formula would not be in Init), so M satisfies H(ψ , S) ⊃ H(F, S). By the construction of M S,A , it satisfies init(ψ ) ⊃ init(F ). The case for Causes(ψ, ¬f ) is similar.
3. Suppose Defined(F, ψ) is an instantiation of a complex fluent definition such that F ≡ ψ is in Init. For it to be in Init, Fluent(F ) must be true. Thus M must satisfy H(F, S) ≡ H(ψ, S). By the construction of M S,A , it satisfies init(F ) ≡ init(ψ, S).
4. Suppose P recond(A, φ A ) is the precondition axiom for A. Since M satisfies P oss(A, S) and Action(A) (because A is one of the action instances generated by the procedure), thus M satisfies H(φ A , S). So M S,A satisfies init(φ A ).
We now show that M S,A is a model of Succ, that is, for each primitive fluent atom F generated by the procedure in Step 1, the pseudo-successor state axiom (1) holds. Referring to the notation in the axiom, we need to show that M satisfies the following formula: First of all, instantiating the generic successor state axiom (5) Because of the unique names axioms about fluents, the result of predicate completion on Caused will entail: Now W 1 ,...,W i are from action effect axioms and domain rules about f . By the way that (1) is generated, and noting that Action(A), Fluent(F ), and P oss(A, S) are true, one can see that when the above equivalence is instantiated by replacing t for x, true for v, and S for s, we will get Caused(F, true, do(A, S)) ≡ H(ϕ 1 , S) ∨ · · · ∨ H(ϕ n , S) ∨ H(ϕ 1 , do(A, S)) ∨ · · · ∨ H(ϕ l , do(A, S)).
From these two axioms and (8), we get: Since M is a model of Comp(T ), M satisfies the above formula. By the construction of M S,A , it satisfies the pseudo-successor state axiom (1). Finally, the fact that M S,A is a model of Succ1 should be apparent. 2 In general, (6) does not imply (7). There are several reasons: • As we mentioned after the procedure CCP, we assume that all information about the initial situation is given by Init.
• Our procedure works on actions one at a time. The situation calculus theory T captures the effects of all actions in a single theory. So it is possible that a bad specification of an action causes the entire theory to become inconsistent. For instance, if we have Causes(true, p), P recond(A, true), and Effect(A, f alse, p), then the corresponding situation calculus theory will be inconsistent because of action A. But for our procedure, it will generate an inconsistent theory only on A.

An Implementation
Except for Step 2.2, the procedure CCP in Section 3 is straightforward to implement. This section describes the strategy that our system uses for implementing Step 2.2. The main idea comes from the work of Lin (2001a) on strongest necessary and weakest sufficient conditions. Given a propositional theory T , a proposition q, and a set B of propositions, a formula ϕ is said to be a sufficient condition of q on B under T if ϕ consists of propositions in B and T |= ϕ ⊃ q. It is said to be the weakest sufficient condition if for any such sufficient condition ϕ , we have that T |= ϕ ⊃ ϕ. Similarly, a formula ϕ is said to be a necessary condition of q on B under T if ϕ consists of propositions in B and T |= q ⊃ ϕ. It is said to be the strongest necessary condition if for any such necessary condition ϕ , we have that T |= ϕ ⊃ ϕ .
It is easy to see that the weakest sufficient condition and the strongest necessary condition are unique up to logical equivalence under the background theory. It was shown (Lin, 2001a) that these two notions are closely related, and can be computed using the technique of forgetting (Lin & Reiter, 1994a). In particular, for action theories, an effective strategy is to first compute the strongest necessary condition, add it to the background theory, and then compute the weakest sufficient condition under the new theory. This strategy is justified by the following proposition Lin (2001a): Proposition 1 Let T be a theory, q a proposition, and B a set of propositions. If ϕ is a necessary condition of q on B under T , and ψ the weakest sufficient condition of q on B under T ∪ {ϕ}, then ϕ ∧ ψ is the weakest sufficient condition of q on B under T .
We can now describe our strategy for implementing Step 2.2 of the procedure CCP. In the following, given an action instance A, as in Step 2.2, let Succ be the set of pseudosuccessor state axioms for primitive fluent atoms, Succ1 the set of pseudo-successor state axioms for complex fluent atoms, and Init the set of initial situation axioms derived from the action precondition axiom for A, domain axioms, domain rules, and complex fluent definitions. Also in the following, a succ-proposition is one of the form succ(f ), and an init-proposition is one of the form init(f ).

Transform
Init into a clausal form and derive from it a set of unit clauses U nit.
2. Use U nit to simplify the axioms in Succ and for each resulting axiom in it: if Φ f does not mention succ-propositions, then delete it from Succ, output it and replace succ(f ) in the rest of the axioms by Φ f .

3.
For each fluent atom f whose pseudo-successor state axiom (9)  If β f is a tautology, then delete (9) from Succ, output succ(f ) ≡ α f , and replace succ(f ) in Succ by α f . If β is not a tautology, then output succ(f ) ⊃ α f and α f ∧ β f ⊃ succ(f ), but do not delete (9) from Succ. The correctness of this step follows from Proposition 1.
5. The previous steps solve the equations in Succ, and generate appropriate output for primitive fluent atoms. For each complex fluent atom F : if every primitive fluent atom in ϕ has a successor state axiom, then do the following: (a) if no primitive fluent atoms in ϕ are changed by the action, then this complex fluent atom is not changed by the action either, so output succ(F ) ≡ init(F ); (b) otherwise, output succ(F ) ≡ Φ, where Φ is obtained from succ(ϕ) by replacing every succ-proposition in it by the right side of its successor state axiom.
Otherwise, if some of the primitive fluent atoms in ϕ do not have a successor state axiom, which means the action may have an indeterminate effect on them, then this action may have an indeterminate effect on F as well. Compute the strongest necessary and weakest sufficient conditions of succ(F ) under Init ∪ Succ ∪ Succ1 as in the last step, and output them.
6. This step will try to generate a STRIPS-like description for the action instance A based on the results of Steps 4 and 5. For each fluent atom F , do according to one of the following cases: (a) if its successor state axiom is succ(F ) ≡ true, then put F into the add list unless init(F ) is entailed by Init; (b) if its successor state axiom is succ(F ) ≡ f alse, then put F into the delete list unless ¬init(F ) is entailed by Init; (c) if its successor state axiom is succ(F ) ≡ Φ, and Φ is not the same as true, f alse, or init(F ), then put F in the conditional effect list and output its successor state axiom.
(d) If F does not have a successor state axiom, then put it in the list of indeterminate effects.
Clearly, if F is not put into any of the lists, then its truth value is not affected by A.
Steps 4 and 5 of the above procedure are the bottleneck as in the worst case, computing the strongest necessary condition of a proposition is coNP-hard. However, it has been our experience that if action A has a context-free effect on fluent atom F , then its successor state axiom can be computed without going through Step 4. We have implemented the procedure CCP using the above strategy in SWI-Prolog 3.2.9 2 . The url for this system is as follows: http://www.cs.ust.hk/~flin/ccp.html Using the system, we have encoded in our action description language many of the planning domains that come with the original release of PDDL (McDermott, 1998), and compiled them to STRIPS-like specifications. Our encodings of the domains and the results returned by the system are included in the online appendix. In the following, we illustrate some interesting features of our system using the following two domains: the blocks world and the monkey and bananas domain.

The Blocks World
We have used the blocks world as the running example. Here we shall give an alternative specification of the domain using the following better known set of actions: stack, unstack, pickup, and putdown. We shall use this domain to show that changing slightly the precondition of one of the actions can result in a very different action specification.
Notice that compared to the description in Example 1, there are two more fluents, holding and handempty here. Thus we have a few more domain rules about them, and the definition of clear is changed to take into account that when a block is held, it is not considered to be clear. Now assuming a domain with three blocks Domain(block, {1, 2, 3}), our system will generate 19 fluent atoms, and 18 action instances. For each action instance, it returns both a complete set of successor state axioms and a STRIPS-like representation. The total computation time for all actions is 835K inferences and 0.5 seconds. 3 This is a pure STRIPS domain, i.e. all actions are context free. For this type of domains, as we mentioned earlier, Step 4 in our implementation procedure is not needed, and Step 5 is easy.
The results are as expected. For instance, for action pickup(1), the STRIPS-like representation returned by the system looks like the following: track 1 to track 2), the STRIPSlike representation looks like: pickup (1) (x)).

The Monkey and Bananas Domain
This domain is again adapted from McDermott's PDDL library of planning domains, which attributes it to the University of Washington's UCPOP collection of action domains, which in turn attributes it to Prodigy. While some of the action effects generated by our system are context-dependent, they are all context-free in the other systems. We shall elaborate on this difference later. In this domain, there are two types, loc for locations (we assume there are three locations here), and object for things like monkey, banana, box, etc.: The following are domain rules about these fluents: Causes(onbox(X), at(monkey, X)), Causes(onbox(X), at(box, X)), Causes(onbox(X), ¬onF loor), Causes(onF loor, ¬onbox(X)), Causes(hasglass ∧ at(monkey, X), at(glass, X)), Causes(hasknif e ∧ at(monkey, X), at(knif e, X)), Causes(hasbanana ∧ at(monkey, X), at(banana, X)).
The following are action definitions along with their respective preconditions and effect axioms: • goto(x, y) -the monkey goes to x from y: Effect(goto(X, Y ), true, at(monkey, X)).
For this action, actually for all the actions in this domain, we could use an ADL-like description (Pednault, 1989) for conditional effects: Add list: at(banana,1) when hasbanana at(knife,1) when hasknife at(glass,1) when hasglass Delete list: at(banana,2) when hasbanana at(knife,2) when hasknife at(glass,2) when hasglass However, it is not clear whether this can always be done in the general case. We mentioned earlier that the specifications for this domain given in McDermott's collection as well as others are all context-free. For instance, the following is a specification for action goto in PDDL in McDermott's collection: (:action GO-TO :parameters (?x ?y) :precondition (and (location ?x) (location ?y) (not (= ?y ?x)) (on-floor) (at monkey ?y)) :effect (and (at monkey ?x) (not (at monkey ?y)))) This corresponds to a context-free action that does not change any other fluent except at. It is clear that the design of this action does not take into account domain rules (15) -(17). With this specification, if initially banana is at location 1, then the goal of having banana at location 2 would not be achievable.

Summary
The other domains that we have experimented including a scheduling domain that includes Pednault's dictionary and paycheck domain as a special case, the rocket domain, the SRI robot domain, the machine shop assembling domain, the ferry domain, the grid domain, the sokoban domain, and the gear domain. They are all included in the online appendix. We summarize below some of the common features of these domains: • In all the domains that we tried, it is quite straightforward to decide what effects of an action should be encoded as direct effects (those given by the predicate Effect) and what effects as indirect effects (those derived from domain rules).
• The most common domain rules are functional dependency constraints. For instance, in the blocks world, the fluent atom on(x, y) is functional on both arguments; in the monkey and banana domain, the fluent atom at(object, loc) is functional on the second argument (each object can be at only one location). It makes sense then that we would have a special shorthand for these domain rules, and perhaps a special procedure for handling them as well. But more significantly, given the prevalence of these functional dependency constraints in action domains, it is worthwhile to investigate the possibility of a general purpose planner making good use of these constraints.
• As we mentioned earlier, our system is propositional. The generated successor state axioms and STRIPS-like systems are all fully instantiated. However, it is often easy for the user to generalize these propositional specifications to first-order ones. We shall investigate the generality of this observation next.

Generalizing Propositional STRIPS-Like Systems to Ones With Parameters
As we mentioned, for many action domain descriptions, the successor state axioms and STRIPS-like systems generated for a specific domain can be generalized to arbitrary ones. More precisely, let D be a domain description, and Domain(p 1 , D p 1 ), · · · , Domain(p k , D p k ) its type specification. Suppose in D for action A we have that Init A ∪ Succ A |= ϕ. Now suppose D is another domain description that is just like D except that it has a different type specification: Domain(p 1 , D p 1 ), · · · , Domain(p k , D p k ).
The question that we are interested in is this: given any one-to-one mapping from the type specification of D to that of D , will Init A ∪ Succ A |= ϕ be true in D ? Here A (resp. ϕ ) is the result of replacing all objects in A (resp. ϕ) according to the mapping. For instance, if the above is true for the blocks world, then we can generalize the results for the domain description in Example 1 as follows. As we have shown, for action stack(1, 2), both succ(on(1, 2)) and ¬succ(on (1, 3)) are true. Now if we change the type specification to Domain(block, {a, b, c, d, e}), and if we map 1 to a, 2 to c, and 3 to e, in the new domain specification, we will have that for action stack(a, c), succ(on(a, c)) and ¬succ(on(a, e)) are true. Furthermore, by changing the mapping for 3, we see that for any x that is different from a and c (the mapping needs to be one-to-one), ¬succ(on(a, x)) is true.
Obviously, this is to be expected of the blocks world. We now proceed to show that for some general classes of domain descriptions, we can do this as well. We first make precise the mapping from one type specification to another.
Definition 2 Given two type specifications O: Domain(p 1 , D p 1 ), · · · , Domain(p k , D p k ), an embedding from O to O is a one-to-one mapping τ from D p 1 ∪· · ·∪D p k to D p 1 ∪· · ·∪D p k such that for any 1 ≤ i ≤ k, and any a ∈ D p i , f (a) ∈ D p i .
Clearly, if there is an embedding of O to O , then for each type p, the size of the domain for p in O must be at least the size of the domain for p in O. Given such an embedding τ , any expression β (actions, propositions, formulas) in an action domain description D with O as its type specification can be mapped to τ (β) in the language of D : one simply replaces each object a in β by τ (a), where D differs from D only in that it uses O as its type specification. Notice that only objects (those in the domain of some type) are to be replaced, not constants that may occur in the effect axioms or domain rules.
Definition 3 An action domain description belongs to simple-I class if it does not mention any function of positive arity, does not mention any complex fluents except in complex fluent definitions, and satisfies the following conditions: 1. If P recond(A, φ A ) is an action precondition definition, then φ A has the form (∀x, p)...(∀y, q)W , where W is a fluent formula that does not have any quantifiers.
2. If Effect(A, ϕ, F ) or Effect(A, ϕ, ¬F ) is an action effect axiom, then ϕ does not have any quantifiers, and the variables in ϕ and F are among those in A. That is, one cannot have something like Effect(explodeAt(x), nearby(y, x), dead(y)).
3. If Causes(ϕ, F ) or Causes(ϕ, ¬F ) is a domain rule, then ϕ does not have any quantifiers, and all the variables in ϕ must be in F .
Theorem 2 Let D be a simple-I action domain description, and A an action instance in D. Let D be just like D except for the type specification. Then for any formula ψ that does not mention any complex fluent and has no quantifiers, and any embedding τ from the type specification of D to that of D , we have that if Proof: Suppose Init τ (A) ∪ Succ τ (A) |= τ (ψ) is not true, and that M 1 is a truth assignment in the language of D that satisfies Init τ (A) ∪ Succ τ (A) and ¬τ (ψ). Now construct a truth assignment M 2 in the language of D as follows: for any proposition P in the language of D that does not mention any complex fluent, M 2 |= P iff M 1 |= τ (P ) (P is really either a static proposition, succ(F ),or init(F ), where F is a primitive fluent atom). The truth values of complex fluent atoms in M 2 are defined according to their definitions. Clearly, M 2 |= ψ. We now need to show that M 2 also satisfies Init A and Succ A . For Init A , there are three cases: which is true since M 1 |= (∀x, p)W . For Succ A , suppose F is a primitive fluent atom, and its pseudo-successor state axiom Φ F as constructed according to the procedure CCP given in Section 3 is as follows:

All other formulas in Init
Because of the following properties about D: • each effect axiom Effect(A, ϕ, F ) or Effect(A, ϕ, ¬F ) has the property that ϕ has no quantifier, and that the variables in ϕ are also in F ; • each domain rule of the form Causes(ϕ, F ) or Causes(ϕ, ¬F ) has the property that ϕ has no quantifier, and that the variables in ϕ are also in F ; so the pseudo-successor state axiom for τ (succ(F )) under D is just τ (Φ F ). Thus M 2 |= Φ F since M 1 |= τ (Φ F ). This proves that M 2 is a model of Succ A , thus the theorem. 2 However, most of the examples that we have in the paper do not belong to this simple-I class, for two reasons: action preconditions, like those in the blocks world, can mention complex fluents; and some of the negative domain rules Causes(ϕ, ¬F ) may have some variables not in F . The first problem is not a problem in principle as complex fluents can be replaced by their definitions. The second problem is more serious, and that leads to a new type of simple action theories.
Definition 4 An action domain description belongs to simple-II class if it does not mention any function of positive arity, does not mention any complex fluents except in complex fluent definitions, and satisfies the following conditions: 1. If P recond(A, φ A ) is an action precondition definition, then φ A has the form (∀x, p)...(∀y, q)W , where W is a fluent formula that does not have any quantifiers.
2. If Effect(A, ϕ, F ) or Effect(A, ϕ, ¬F ) is an action effect axiom, then ϕ does not have any quantifiers, and the variables in ϕ and F are among those in A.
3. There are no positive domain rules of the form Causes(ϕ, F ).

If
Causes(ϕ, ¬F ) is a domain rule, then ϕ must be of the form ϕ 1 ∧ ϕ 2 , where ϕ 1 is any formula that does not mention any fluents and ϕ 2 is a fluent atom. Notice that there is no restriction on variables in ϕ 2 .
Simple-II class action domain descriptions seem to be very limited in that there can be no positive domain rules, and the only negative domain rules allowed are binary. Nevertheless, they still capture many context-free action domains. For instance, both the blocks world and meet-and-pass domains in this paper belong to this class: for the blocks world, notice that while it uses the complex fluent clear in some of its action precondition definitions, as in P recond(stack(x, y), ontable(x) ∧ clear(x) ∧ clear(y)), these definitions can be reformulated as follows using clear's definition: P recond(stack(x, y), ontable(x) ∧ (∀x 1 , block)(∀y 1 , block)(¬on(x 1 , x) ∧ ¬on(y 1 , y))).
This will then satisfy the condition about P recond in the above definition of simple-II action domain descriptions. While we have not verified it formally, it seems that all the context-free action domains in McDermott's PDDL library of action domains, including the logistics domain, belong to the simple-II class.
Theorem 3 Let D be a simple-II action domain description, and A an action instance in D. Let D be just like D except for the type specification. Then for any formula ψ that does not mention any complex fluent and has no quantifiers, and any embedding τ from the type specification of D to that of D , we have that if Proof: Suppose Init τ (A) ∪ Succ τ (A) |= τ (ψ) is not true, and that M 1 is a truth assignment in the language of D that satisfies Init τ (A) ∪ Succ τ (A) and ¬τ (ψ). Now construct a truth assignment M 2 in the language of D as follows: for any proposition P in the language of D that does not mention any complex fluent, M 2 |= P iff M 1 |= τ (P ) (P is really either a static proposition, succ(F ),or init(F ), where F is a primitive fluent atom). The truth values of complex fluent atoms in M 2 are defined according to their definitions. Clearly, M 2 |= ψ. We now need to show that M 2 also satisfies Init A and Succ A . For Init A , there are three cases: 1. M 2 |= init(F ) ≡ init(ϕ) when Defined(F, ϕ) is a complex fluent definition. This follows from the construction of M 2 .
2. M 2 |= init(φ A ) when P recond(A, φ A ) is the precondition definition for A. By our assumption, φ A has the form (∀x, p)...(∀y, q).W , where W is a formula without any quantifiers. Without loss of generality, let us assume it is (∀x, p 1 )W . Then this formula is equivalent to which is true since M 1 |= (∀x, p 1 )W . For Succ A , suppose F is a primitive fluent atom. Since there is no positive domain rule of the form Causes(ϕ, F ), the pseudo-successor state axiom for F as constructed according to the procedure CCP given in Section 3 must be of the following form:

All other formulas in Init
where for each 1 ≤ i ≤ k, Causes(φ i , ¬F ) is an instance of a domain rule in D.
Because in D and D , each effect axiom Effect(ϕ, F ) or Effect(ϕ, ¬F ) has the property that ϕ has no quantifier, and that the variables in ϕ are also in F , the pseudo-successor state axiom for τ (succ(F )) under D must have the form: where φ is a disjunction such that each disjunct α must be such that Causes(α, ¬τ (F )) is an instance in D and that the fluent atom in α contains an object not in τ (A) and τ (F ). There are two cases: • Suppose M 2 |= succ(F ). Then M 1 |= succ(τ (F )). Since M 1 is a model of Succ τ (A) , M 1 satisfies the above axiom about succ(τ (F )). Therefore M 1 satisfies the following formula: Since the above formula does not mention any complex fluents and has no quantifiers, M 2 satisfies the corresponding formula: which is the right side of the equivalence of the pseudo-successor state axiom for succ(F ) in Succ A .
Thus M 1 satisfies the right side of (18).
So to show that the right side of the equivalence of (18) is satisfied by M 1 , we need to show that M 1 |= ¬succ(φ). Recall that φ is a disjunction such that each disjunct α must correspond to a domain rule of the form Causes(α, ¬τ (F )), and that α is of the form α 1 ∧ G such that α 1 does not mention fluents, and G is a fluent atom that mentions an object that does not occur in τ (A). Note that init(α) ⊃ ¬init(τ (F )) is an axiom in Succ τ (A) , which is satisfied by M 1 . Thus M 1 |= ¬init(α). This means that either α 1 or init(G) is false in M 1 . If α 1 is false, then succ(α) is false since succ(α 1 ) is the same as α 1 . Suppose that init(G) is false in M 1 . Notice that since there are no positive domain rules, and that G has an object not in τ (A) and τ (F ), the pseudo-successor state axiom for G in Succ τ (A) must be of the form succ(G) ≡ init(G) ∧ Φ. Therefore from M 1 |= ¬init(G) we get M 1 |= ¬succ(α). Since α is any disjunct of φ, we have proved that M 1 |= ¬succ(φ). Therefore M 1 |= succ(τ (F )). Thus M 2 |= succ(F ).

Related Work
In planning, the most closely related work is the causal reasoning module in Wilkins's SIPE system (Wilkins, 1988). Wilkins writes (page 85, Wilkins, 1988): "Use of the STRIPS assumptions has made operators unacceptably difficult to describe in previous classical planners... One of the primary reasons for this is that all effects of an action must be explicitly stated... Deductive causal theories are one of the most important mechanisms used by SIPE to alleviate problems in operator representation caused by the STRIPS assumption." This is certainly one of the motivations for our system as well. In SIPE, domain rules have triggers, preconditions, conditions, and effects. Informally, when the triggers become true in the new situation, SIPE would then check in sequence to see if the preconditions were true in the old situation, and the conditions are true in the new situation. If all these conditions are true, it will then deduce the effects. For instance, a SIPE causal rule for on(x, y) in the blocks world would look like: Causal-rule: Not-on Arguments: x, y, z; Trigger: on(x,y); Precondition: on(x,z); Effects: not on(x,z); In comparison, our domain rules are much simpler. For instance, our corresponding rule for the above SIPE rule is simply: Causes(on(x, y) ∧ y = z, on(x, z)). We do not need procedural directives like triggers. To a large degree, we can see our system as a rational reconstruction of the causal reasoning module in SIPE. As we have shown in Theorem 1, the procedure used by our system is sound under a translation to causal theories in the situation calculus. While Wilkins also gave a translation of his causal rules to formulas in the situation calculus, he did not specify an underlying logic to reason about such formulas. In fact, as shown by Lin (1995), such translations would not work. For those familiar with PDDL, the original version by McDermott and the AIPS-98 Planning Competition Committee allows domain axioms over stratified theories. According to the manual of PDDL 1.2 (McDermott, 1998), "axioms are logical formulas that assert relationships among propositions that hold within a situation." The format for writing axioms in PDDL is as follows: where W is a formula and P a literal. Axioms are treated directionally, from W to P . The following is the rule and intention for using the axioms according to the manual: "The rule is that action definitions are not allowed to have effects that mention predicates that occur in the :implies field of an axiom. The intention is that action definitions mention 'primitive' predicates like on, and that all changes in truth value of 'derived' predicates like above occur through axioms. Without axioms, the action definitions will have to describe changes in all predicates that might be affected by an action, which leads to a complex software engineering (or 'domain engineering') problem." It is clear from this quotation that axioms in PDDL are intended for defining "derived" predicates. They are similar to our complex fluent definitions. New versions of PDDL have extended the original version by allowing actions with durations and continuous changes. They have not considered using axioms to derive changes to "primitive" predicates like what we have done here with domain rules. Our action domain description language, while having a very different syntax that is strongly influenced by Prolog syntax, shares much of the same ideas behind action languages (Gelfond & Lifschitz, 1999). However, unlike action languages, ours does not provide facilities for expressing the truth value of a fluent atom in a particular situation like the initial situation. Rather, it is aimed at specifying the generic effects of actions. On the other hand, it has facilities for specifying types and static relations. Most importantly, to date, action languages are either implemented directly or mapped to a nonmonotonic logic programming system rather than by compilation into a monotonic system where action effects are given explicitly, as is done here. For instance, a new SAT-based planning method would have to be implemented (e.g. McCain & Turner, 1998) for action languages. In comparison, once an action domain description is compiled to a STRIPS-like description, existing planning systems such as Blackbox (Selman & Kautz, 1999) or System R (Lin, 2001b) can be directly called.

Concluding Remarks
We have described a system for generating the effects of actions from direct action effect axioms and domain rules, among other things. We have shown the soundness of the procedure used by the system and tested it successfully in many benchmark action domains used by current AI planners. For future work, we are considering how to generalize the simple action theories in Section 6 to include context-dependent action domain descriptions like the monkey and bananas domain.