
Probabilistic Semantics for RoboChart

A Weakest Completion Approach

Conference paper, in: Unifying Theories of Programming (UTP 2019)

Abstract

We outline a probabilistic denotational semantics for the RoboChart language, a diagrammatic, domain-specific notation for describing robotic controllers with their hardware platforms and operating environments. We do this using a powerful (but perhaps not so well known) semantic technique: He, Morgan, and McIver’s weakest completion semantics, which is based on Hoare and He’s Unifying Theories of Programming. In this approach, we do the following: (1) start with the standard semantics for a nondeterministic programming language; (2) propose a new probabilistic semantic domain; (3) propose a forgetful function from the probabilistic semantic domain to the standard semantic domain; (4) use the converse of the forgetful function to embed the standard semantic domain in the probabilistic semantic domain; (5) demonstrate that this embedding preserves program structure; (6) define the probabilistic choice operator. Weakest completion semantics guides the semantic definition of new languages by building on existing semantics and, in this case, tackling a notoriously thorny issue: the relationship between demonic and probabilistic choice. Consistency ensures that programming intuitions, development techniques, and proof methods can be carried over from the standard language to the probabilistic one. We largely follow He et al., our contribution being an explication of the technique with meticulous proofs suitable for mechanisation in Isabelle/UTP.
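The six steps listed in the abstract, worked through on a three-state toy space. This is an added illustration, not code from the paper or the RoboStar project; since the page does not reproduce the paper's definitions, the set-based encoding used here (standard programs as relations on states, probabilistic programs as relations from states to distributions, `forget` as taking supports, and `embed` as the largest relation whose image under `forget` lies in the standard relation) is an assumption of this example, as are the sample programs `x := 0`, `x := 1` and the fair coin between them.

```python
"""Weakest-completion recipe on a finite state space (added illustration).

This is NOT the paper's semantics, which this page does not reproduce. It is
an assumed set-based encoding of the usual relational reading of the six steps:
  standard program      R  subset of  S x S          (demonic choice = union)
  probabilistic program P  subset of  S x Dist(S)    (one distribution per outcome)
  forget(P)             drops probabilities, keeping the support of each outcome
  embed(R)              the weakest completion: the largest P with forget(P) <= R
"""
from fractions import Fraction
from itertools import product

S = (0, 1, 2)  # constructed toy state space: the value of a single variable x

def dist(probs):
    """A distribution over S as a sorted tuple of (state, probability)."""
    return tuple((s, Fraction(probs.get(s, 0))) for s in S)

def point(t):
    """Point mass on t: the probabilistic image of a deterministic outcome."""
    return dist({t: 1})

def support(d):
    return frozenset(s for s, p in d if p > 0)

def grid_dists(denominator=4):
    """Constructed finite sample of Dist(S): probabilities in steps of 1/denominator."""
    return [dist({s: Fraction(c, denominator) for s, c in zip(S, counts)})
            for counts in product(range(denominator + 1), repeat=len(S))
            if sum(counts) == denominator]

def forget(P):
    """Step (3): forgetful function, Dist-relation -> standard relation."""
    return frozenset((s, t) for s, d in P for t in support(d))

def image(R, s):
    return frozenset(t for u, t in R if u == s)

def is_completion(P, R):
    """P is a probabilistic completion of R iff forgetting P refines R."""
    return forget(P) <= frozenset(R)

def in_embed(R, s, d):
    """Membership in embed(R) = {(s, d) | support(d) <= R(s)}. Dist(S) is infinite,
    so the converse of forget is given as a test rather than enumerated."""
    return support(d) <= image(R, s)

def embed(R, dists):
    """Step (4): the converse of forget, restricted to a finite sample of Dist(S)."""
    return frozenset((s, d) for s in S for d in dists if in_embed(R, s, d))

def assign(v):
    """Standard semantics of x := v."""
    return frozenset((s, v) for s in S)

def demonic_choice(R1, R2):
    """Standard demonic choice R1 |~| R2 is relational union."""
    return frozenset(R1) | frozenset(R2)

def mix(p, d, e):
    dd, de = dict(d), dict(e)
    return dist({s: p * dd[s] + (1 - p) * de[s] for s in S})

def prob_choice(p, P, Q):
    """Step (6): P [p] Q mixes the outcomes of P and Q pointwise at each start state."""
    return frozenset((s, mix(p, d, e)) for s, d in P for u, e in Q if u == s)

def checks():
    """The properties a practitioner would want to see hold, as a name -> bool map."""
    grid = grid_dists()
    R0, R1 = assign(0), assign(1)
    Rdem = demonic_choice(R0, R1)                                          # x := 0 |~| x := 1
    coin = prob_choice(Fraction(1, 2), embed(R0, grid), embed(R1, grid))   # x := 0 [1/2] x := 1
    return {
        # embed(R) is exactly the set of single-outcome completions of R
        "weakest": embed(Rdem, grid) == frozenset(
            (s, d) for s in S for d in grid if is_completion({(s, d)}, Rdem)),
        # forgetting the embedding gives the standard relation back
        "round_trip": forget(embed(Rdem, grid)) == Rdem,
        # a deterministic program embeds as point masses only
        "deterministic": embed(R0, grid) == frozenset((s, point(0)) for s in S),
        # probabilistic choice refines demonic choice ...
        "prob_refines_demonic": is_completion(coin, Rdem),
        # ... but not either branch alone: a fair coin is not x := 0
        "prob_not_branch": not is_completion(coin, R0),
        # step (5) for choice: every mixture of embeddings lands in the embedding of the union
        "structure": all(in_embed(Rdem, s, d)
                         for p in (Fraction(k, 4) for k in range(5))
                         for s, d in prob_choice(p, embed(R0, grid), embed(R1, grid))),
    }

if __name__ == "__main__":
    for name, ok in checks().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The `structure` check covers only the choice operator; sequential composition would need distributions over distributions (a Kleisli-style composition) and is deliberately left out of this toy. The two refinement checks are the point of the exercise: the fair coin is a completion of the demonic program but of neither branch, which is the demonic-versus-probabilistic relationship the abstract calls thorny.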


Notes

  1. The RoboStar programme includes a number of individual projects, including RoboCalc, which is developing a calculus of software engineering for robotic controllers.

  2. The difficulty of transferring simulated experience into the real world, often called the “reality gap” [32], is a subtle but important discrepancy between reality and simulation that prevents simulated robotic experience from directly enabling effective real-world performance [2].

  3. The Statechart in this example is originally due to Jansen [34], but has been reinterpreted here as a robotics example.

  4. The semantics in this paper does not capture the real-time behaviour of RoboChart; however, every transition in an MDP takes unit time. When we develop the real-time probabilistic model, these two notions of time will be complementary, allowing events to be simultaneous with respect to the real-time clock but ordered at the MDP level: super-dense time.

  5. Note that if is a probability distribution function, then lifting from states to a relation on states results in an alphabetised definition: has as a free variable ( is bound by the set comprehension). If we now fix , then we get the probability sum for the image of through . Note that is also an alphabetised expression, this time with alphabet . Thus , which we encounter next, is a suitable candidate for the postcondition of a probabilistic design.

  6. This subclass of specification contracts is sometimes known as “normal” designs [14, 21]. The theory of reactive designs [6], mentioned on page 7, is not an embedding of normal designs, since a reactive design can mention the after-value of the trace variable in its precondition. To see this, consider the precondition in the reactive design for the CSP process . This process can diverge, but only after an -event. The process’s precondition records the circumstances under which the process will not diverge: . In words: “Don’t press the button, or else we crash!”.

  7. The notation and come from the separating simulation operator in UTP’s parallel-by-merge [31, Sect. 7.2], which is being used here to combine probability distributions.

  8. This case analysis is present in [24], although its purpose is not explained there.

  9. The expression is Z’s domain restriction operator [53, p. 98]: the domain restriction of a relation to a set relates to if and only if relates to and is a member of .

  10. We have already begun work on the mechanisation of the proofs in Isabelle/UTP. Early indications show that the meticulous detail in the hand-written proofs is very helpful in the mechanisation.

References

  1. Alur, R., Henzinger, T.A.: Reactive modules. Formal Methods Syst. Des. 15(1), 7–48 (1999)

  2. Bousmalis, K.: Closing the simulation-to-reality gap for deep robotic learning (2019). Google AI Blog. http://ai.googleblog.com/2017/10/closing-simulation-to-reality-gap-for.html

  3. Brunner, S.G., Steinmetz, F., Belder, R., Dömel, A.: RAFCON: a graphical tool for engineering complex, robotic tasks. In: 2016 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2016, Daejeon, South Korea, 9–14 October 2016, pp. 3283–3290 (2016)

  4. Cavalcanti, A., Ribeiro, P., Miyazawa, A., Sampaio, A., Filho, M.C., Didier, A.: RoboSim: Reference Manual (2019). www.cs.york.ac.uk/robostar/robosim/robosim-reference.pdf

  5. Cavalcanti, A., Sampaio, A., Woodcock, J.: Refinement of actions in Circus. Electr. Notes Theor. Comput. Sci. 70(3), 132–162 (2002)

  6. Cavalcanti, A., Woodcock, J.: A tutorial introduction to CSP in Unifying Theories of Programming. In: Cavalcanti, A., Sampaio, A., Woodcock, J. (eds.) PSSE 2004. LNCS, vol. 3167, pp. 220–268. Springer, Heidelberg (2006). https://doi.org/10.1007/11889229_6

  7. Dhouib, S., Kchir, S., Stinckwich, S., Ziadi, T., Ziane, M.: RobotML, a domain-specific language to design, simulate and deploy robotic applications. In: Noda, I., Ando, N., Brugali, D., Kuffner, J.J. (eds.) SIMPAR 2012. LNCS (LNAI), vol. 7628, pp. 149–160. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34327-8_16

  8. Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Upper Saddle River (1976)

  9. FDR: Failures-Divergences Refinement. www.cs.ox.ac.uk/projects/fdr/

  10. Conserva Filho, M.S., Marinho, R., Mota, A., Woodcock, J.: Analysing RoboChart with probabilities. In: Massoni, T., Mousavi, M.R. (eds.) SBMF 2018. LNCS, vol. 11254, pp. 198–214. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03044-5_13

  11. Fischler, M.A., Bolles, R.C.: Random sample consensus: a paradigm for model fitting with applications to image analysis and automated cartography. Commun. ACM 24(6), 381–395 (1981)

  12. Fitzgerald, J.S., Gamble, C., Larsen, P.G., Pierce, K., Woodcock, J.: Cyber-physical systems design: formal foundations, methods and integrated tool chains. In: Gnesi, S., Plat, N. (eds.) 3rd IEEE/ACM FME Workshop on Formal Methods in Software Engineering, FormaliSE 2015, Florence, 18 May 2015, pp. 40–46. IEEE Computer Society (2015)

  13. Foster, S., Baxter, J., Cavalcanti, A., Miyazawa, A., Woodcock, J.: Automating verification of state machines with reactive designs and Isabelle/UTP. In: Bae, K., Ölveczky, P.C. (eds.) FACS 2018. LNCS, vol. 11222, pp. 137–155. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02146-7_7

  14. Foster, S., Cavalcanti, A., Canham, S., Woodcock, J., Zeyda, F.: Unifying theories of reactive design contracts. CoRR abs/1712.10233 (2017). arxiv.org/abs/1712.10233

  15. Foster, S., Cavalcanti, A., Woodcock, J., Zeyda, F.: Unifying theories of time with generalised reactive processes. Inf. Process. Lett. 135, 47–52 (2018)

  16. Foster, S., Woodcock, J.: Unifying theories of programming in Isabelle. In: Liu, Z., Woodcock, J., Zhu, H. (eds.) Unifying Theories of Programming and Formal Engineering Methods. LNCS, vol. 8050, pp. 109–155. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39721-9_3

  17. Foster, S., Woodcock, J.: Towards verification of cyber-physical systems with UTP and Isabelle/HOL. In: Gibson-Robinson, T., Hopcroft, P., Lazić, R. (eds.) Concurrency, Security, and Puzzles. LNCS, vol. 10160, pp. 39–64. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-51046-0_3

  18. Foster, S., Zeyda, F., Nemouchi, Y., Ribeiro, P., Wolff, B.: Isabelle/UTP: mechanised theory engineering for unifying theories of programming. Arch. Formal Proofs (2019)

  19. Foster, S., Zeyda, F., Woodcock, J.: Isabelle/UTP: a mechanised theory engineering framework. In: Naumann, D. (ed.) UTP 2014. LNCS, vol. 8963, pp. 21–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14806-9_2

  20. Goldsmith, M.: CSP: the best concurrent-system description language in the world – probably! In: Communicating Process Architectures, pp. 227–232 (2004)

  21. Guttmann, W., Möller, B.: Normal design algebra. J. Log. Algebr. Program. 79(2), 144–173 (2010)

  22. Harel, D.: Statecharts: a visual formalism for complex systems. Sci. Comput. Program. 8(3), 231–274 (1987)

  23. Harwood, W., Cavalcanti, A., Woodcock, J.: A theory of pointers for the UTP. In: Fitzgerald, J.S., Haxthausen, A.E., Yenigun, H. (eds.) ICTAC 2008. LNCS, vol. 5160, pp. 141–155. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85762-4_10

  24. Jifeng, H., Morgan, C., McIver, A.: Deriving probabilistic semantics via the ‘Weakest Completion’. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 131–145. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30482-1_17

  25. Hehner, E.C.R.: Predicative programming, part I. Commun. ACM 27(2), 134–143 (1984)

  26. Hehner, E.C.R.: Predicative programming, part II. Commun. ACM 27(2), 144–151 (1984)

  27. Hehner, E.C.R., Gupta, L.E., Malton, A.J.: Predicative methodology. Acta Inf. 23(5), 487–505 (1986)

  28. Hilder, J.A., et al.: Chemical detection using the receptor density algorithm. IEEE Trans. Syst. Man Cybern. Part C 42(6), 1730–1741 (2012)

  29. Hoare, C.A.R.: Programs are predicates. In: FGCS, pp. 211–218 (1992)

  30. Hoare, C.A.R., He, J.: The weakest prespecification. Inf. Process. Lett. 24(2), 127–132 (1987)

  31. Hoare, C.A.R., He, J.: Unifying Theories of Programming. Prentice Hall, Upper Saddle River (1998)

  32. Jakobi, N., Husbands, P., Harvey, I.: Noise and the reality gap: the use of simulation in evolutionary robotics. In: Morán, F., Moreno, A., Merelo, J.J., Chacón, P. (eds.) ECAL 1995. LNCS, vol. 929, pp. 704–720. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-59496-5_337

  33. Jansen, D.N., Hermanns, H., Katoen, J.-P.: A probabilistic extension of UML statecharts. In: Damm, W., Olderog, E.-R. (eds.) FTRTFT 2002. LNCS, vol. 2469, pp. 355–374. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45739-9_21

  34. Jansen, D.: Extensions of Statecharts with probability, time, and stochastic timing. Ph.D. thesis, University of Twente (2003)

  35. Kwiatkowska, M.Z., Norman, G., Parker, D.: PRISM: probabilistic symbolic model checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46029-2_13

  36. Larsen, P.G., et al.: Integrated tool chain for model-based design of cyber-physical systems: the INTO-CPS project. In: 2016 2nd International Workshop on Modelling, Analysis, and Control of Complex CPS, CPS Data 2016, Vienna, 11 April 2016, pp. 1–6. IEEE Computer Society (2016)

  37. Lee, E.A., Seshia, S.A.: Introduction to Embedded Systems: A Cyber-Physical Systems Approach, 2nd edn. The MIT Press, Cambridge (2016)

  38. Liu, Y., Sun, J., Dong, J.S.: PAT 3: an extensible architecture for building multi-domain model checkers. In: Dohi, T., Cukic, B. (eds.) IEEE 22nd International Symposium on Software Reliability Engineering, ISSRE 2011, Hiroshima, 29 November–2 December 2011, pp. 190–199. IEEE Computer Society (2011)

  39. Miyazawa, A.: RoboTool: RoboChart Tool Manual. University of York (2018). http://tinyurl.com/RoboTool-Manual

  40. Miyazawa, A., Ribeiro, P., Li, W., Cavalcanti, A., Timmis, J.: Automatic property checking of robotic applications. In: 2017 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2017, Vancouver, 24–28 September 2017, pp. 3869–3876 (2017)

  41. Miyazawa, A., Ribeiro, P., Li, W., Cavalcanti, A., Timmis, J., Woodcock, J.: RoboChart: modelling and verification of the functional behaviour of robotic applications. Softw. Syst. Model. 18, 3097–3149 (2019)

  42. Nipkow, T., Wenzel, M., Paulson, L.C.: Isabelle/HOL – A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45949-9

  43. Nokovic, B., Sekerinski, E.: Verification and code generation for timed transitions in pCharts. In: Desai, B.C. (ed.) International C* Conference on Computer Science & Software Engineering, C3S2E 2014, Montreal, 3–5 August 2014, pp. 3:1–3:10. ACM (2014)

  44. Object Management Group: OMG Unified Modeling Language (OMG UML), superstructure, version 2.4.1

  45. Oliveira, M., Cavalcanti, A., Woodcock, J.: A denotational semantics for Circus. Electr. Notes Theor. Comput. Sci. 187, 107–123 (2007)

  46. Oliveira, M., Cavalcanti, A., Woodcock, J.: A UTP semantics for Circus. Formal Asp. Comput. 21(1–2), 3–32 (2009)

  47. Pembeci, I., Nilsson, H., Hager, G.D.: Functional reactive robotics: an exercise in principled integration of domain-specific languages. In: Proceedings of the 4th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming, 6–8 October 2002, Pittsburgh (affiliated with PLI 2002), pp. 168–179 (2002)

  48. Ribeiro, P., Miyazawa, A., Li, W., Cavalcanti, A., Timmis, J.: Modelling and verification of timed robotic controllers. In: Polikarpova, N., Schneider, S. (eds.) IFM 2017. LNCS, vol. 10510, pp. 18–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66845-1_2

  49. RoboCalc. www.cs.york.ac.uk/circus/RoboCalc

  50. RoboCalc Project: The foraging robot example. University of York (2019). http://tinyurl.com/y4h9aq2l

  51. Roscoe, A.W.: On the expressive power of CSP refinement. Formal Asp. Comput. 17(2), 93–112 (2005)

  52. Roscoe, A.W.: Understanding Concurrent Systems. Texts in Computer Science. Springer, Heidelberg (2010). https://doi.org/10.1007/978-1-84882-258-0

  53. Spivey, J.: The Z Notation: A Reference Manual, 2nd edn. Prentice-Hall, Upper Saddle River (1989)

  54. V-REP: Virtual Robot Experimentation Platform, User Manual, Version 3.6.1. www.coppeliarobotics.com/helpFiles/en/importExport.htm

  55. Wächter, M., Ottenhaus, S., Kröhnert, M., Vahrenkamp, N., Asfour, T.: The ArmarX Statechart concept: graphical programming of robot behavior. Front. Robot. AI 3, 33 (2016)

  56. Webots: Reference Manual, Rel. R2019a. www.cyberbotics.com/doc/reference/

  57. Winfield, A.F.T.: Foraging robots. In: Meyers, R.A. (ed.) Encyclopedia of Complexity and Systems Science, pp. 3682–3700. Springer, Heidelberg (2009). https://doi.org/10.1007/978-0-387-30440-3_217

  58. Woodcock, J.: Engineering UToPiA: formal semantics for CML. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 22–41. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06410-9_3

  59. Woodcock, J., Cavalcanti, A.: A tutorial introduction to designs in unifying theories of programming. In: Boiten, E.A., Derrick, J., Smith, G. (eds.) IFM 2004. LNCS, vol. 2999, pp. 40–66. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24756-2_4

  60. Woodcock, J., Foster, S.: UTP by example: designs. In: Bowen, J.P., Liu, Z., Zhang, Z. (eds.) SETSS 2016. LNCS, vol. 10215, pp. 16–50. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56841-6_2

  61. Woodcock, J., Foster, S., Butterfield, A.: Heterogeneous semantics and unifying theories. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 374–394. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_26

  62. Woodcock, J.C.P., Morgan, C.: Refinement of state-based concurrent systems. In: Bjørner, D., Hoare, C.A.R., Langmaack, H. (eds.) VDM 1990. LNCS, vol. 428, pp. 340–351. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-52513-0_18

  63. Zave, P., Jackson, M.: Conjunction as composition. ACM Trans. Softw. Eng. Methodol. 2(4), 379–411 (1993)

  64. Zhang, S.J., Liu, Y.: An automatic approach to model checking UML state machines. In: Fourth International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2010, Singapore, 9–11 June 2010, pp. 1–6. IEEE Computer Society (2010)

  65. Zhao, Y., Yang, Z., Xie, J., Liu, Q.: Quantitative analysis of system based on extended UML state diagrams and probabilistic model checking. JSW 5(7), 793–800 (2010)

Acknowledgements

This work was funded under EPSRC grant EP/M025756/1 on A Calculus for Software Engineering of Mobile and Autonomous Robots, Royal Society grant Requirements Modelling for Cyber-Physical Systems, and a Royal Academy of Engineering Chair in Emerging Technologies. We are grateful for very helpful feedback from the reviewers that helped us clarify the exposition of our ideas in this paper (including the explanation of the connection between weakest precondition and weakest prespecification in Appendix A). We have benefited from discussions with Riccardo Bresciani, Andrew Butterfield, Ana Cavalcanti, Tony Hoare, Lydia Hughes, Zhiming Liu, Alvaro Miyazawa, and Augusto Sampaio. We are especially grateful to He Jifeng, Annabelle McIver, and Carroll Morgan for their beautiful ideas. The work in this paper was first presented at the IFIP WG 2.3 (Programming Methodology) meeting in York in February 2019 and at a Royal Society/National Natural Science Foundation of China workshop at Southwest University (Chongqing) in May 2019.

Corresponding author: Jim Woodcock.

A Connecting Weakest Preconditions and Prespecifications

Weakest preconditions and prespecifications each arise as the weakest solution of an inequality in three variables, and both have a conjunction on the implementation side. The inequality for the weakest precondition is stated as , but this is equivalent to (1). The inequality for the weakest prespecification is stated as , but this is equivalent to (2). The two inequalities therefore have the same essential structure. Hoare & He go further and note, as a conjecture, that the two predicate transformers are almost identical when the first argument mentions only dashed variables: . The conjecture is easily proved.

This result means that the weakest prespecification subsumes the weakest precondition and so could be used to give its definition: .
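The coincidence described above, worked on finite relations as an added example. It is not the paper's proof or notation, which this page does not reproduce: the encoding of the weakest precondition and the weakest prespecification as operations on sets of pairs, the closed form `~(~R ; Q~)` used as a cross-check, the lifting of a postcondition to a relation on dashed variables only, and the sample program `Q` are all assumptions of this example.

```python
"""Weakest precondition vs weakest prespecification on finite relations (added example).

Assumed relational reading, not the paper's own formulas:
  wp(Q, post)  = the weakest condition X on before-states with  (X and Q) => post'
  wps(R, Q)    = the weakest relation  X                   with  X ; Q  subset of R
Both inequalities have the conjunction "X, then Q" on the implementation side. When
R constrains only the after-state (R = post'), the two weakest solutions coincide,
so wp can be recovered from wps.
"""

S = (0, 1, 2, 3)                      # constructed toy state space
PAIRS = [(s, t) for s in S for t in S]

def compose(X, Q):
    """Relational composition X ; Q : run X, then Q."""
    return frozenset((s, u) for s, t in X for t2, u in Q if t == t2)

def converse(Q):
    return frozenset((t, s) for s, t in Q)

def complement(R):
    return frozenset(p for p in PAIRS if p not in R)

def wp(Q, post):
    """Weakest precondition as a set of before-states: every Q-successor satisfies post."""
    return frozenset(s for s in S if all(t in post for u, t in Q if u == s))

def wps(R, Q):
    """Weakest prespecification: the largest X with X ; Q  subset of R.
    Composition distributes over union in X, so the largest solution is the set of
    single pairs that are themselves solutions."""
    return frozenset((s, t) for s, t in PAIRS if compose({(s, t)}, Q) <= frozenset(R))

def wps_closed_form(R, Q):
    """Cross-check: the closed form ~(~R ; Q~) of the weakest solution of X ; Q <= R,
    where ~ on a relation is complement and Q~ is the converse of Q."""
    return complement(compose(complement(R), converse(Q)))

def lift_post(post):
    """A relation mentioning only the after-state: (s, t) in R iff post(t)."""
    return frozenset((s, t) for s, t in PAIRS if t in post)

def wp_via_wps(Q, post):
    """wp recovered from the prespecification of the lifted postcondition: that
    prespecification constrains only the intermediate state, so project onto it."""
    return frozenset(t for s, t in wps(lift_post(post), Q))

# constructed sample program (nondeterministic from state 0) and two specifications
Q = frozenset({(0, 1), (0, 2), (1, 3), (2, 0), (3, 3)})
POST = frozenset({2, 3})                                        # after-state only
NON_DECREASING = frozenset((s, u) for s, u in PAIRS if u >= s)  # mentions both states

def demo():
    """Returns (wp, wp recovered via wps, prespecification of a genuinely relational R)."""
    return wp(Q, POST), wp_via_wps(Q, POST), wps(NON_DECREASING, Q)

if __name__ == "__main__":
    direct, recovered, relational = demo()
    print("wp(Q, POST)            =", sorted(direct))
    print("wp via prespecification =", sorted(recovered))
    print("wps(NON_DECREASING, Q)  =", sorted(relational))
```

The third value in `demo()` is the case the weakest precondition cannot express: `NON_DECREASING` relates the before- and after-state, so its prespecification depends on the before-state (`(0, 0)` is in it but `(2, 0)` is not), which is why the appendix's subsumption runs in one direction only.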

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Woodcock, J., Cavalcanti, A., Foster, S., Mota, A., Ye, K. (2019). Probabilistic Semantics for RoboChart. In: Ribeiro, P., Sampaio, A. (eds) Unifying Theories of Programming. UTP 2019. Lecture Notes in Computer Science(), vol 11885. Springer, Cham. https://doi.org/10.1007/978-3-030-31038-7_5

  • DOI: https://doi.org/10.1007/978-3-030-31038-7_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-31037-0

  • Online ISBN: 978-3-030-31038-7
