Abstract
We outline a probabilistic denotational semantics for the RoboChart language, a diagrammatic, domain-specific notation for describing robotic controllers with their hardware platforms and operating environments. We do this using a powerful (but perhaps not so well known) semantic technique: He, Morgan, and McIver’s weakest completion semantics, which is based on Hoare and He’s Unifying Theories of Programming. In this approach, we do the following: (1) start with the standard semantics for a nondeterministic programming language; (2) propose a new probabilistic semantic domain; (3) propose a forgetful function from the probabilistic semantic domain to the standard semantic domain; (4) use the converse of the forgetful function to embed the standard semantic domain in the probabilistic semantic domain; (5) demonstrate that this embedding preserves program structure; (6) define the probabilistic choice operator. Weakest completion semantics guides the semantic definition of new languages by building on existing semantics and, in this case, tackling a notoriously thorny issue: the relationship between demonic and probabilistic choice. Consistency ensures that programming intuitions, development techniques, and proof methods can be carried over from the standard language to the probabilistic one. We largely follow He et al., our contribution being an explication of the technique with meticulous proofs suitable for mechanisation in Isabelle/UTP.
Notes
1. The RoboStar programme includes a number of individual projects, including RoboCalc, which is developing a calculus of software engineering for robotic controllers.
2.
3. The Statechart in this example is originally due to Jansen [34], but has been reinterpreted here as a robotics example.
4. The semantics in this paper does not capture the real-time behaviour of RoboChart; however, every transition in an MDP takes unit time. When we develop the real-time probabilistic model, these two notions of time will be complementary, allowing events to be simultaneous with respect to the real-time clock, but ordered at the MDP level: super-dense time.
5. Note that if is a probability distribution function, then lifting from states to a relation on states results in an alphabetised definition: has as a free variable ( is bound by the set comprehension). If we now fix , then we get the probability sum for the image of through . Note that is also an alphabetised expression, this time with alphabet . Thus , which we encounter next, is a suitable candidate for the postcondition of a probabilistic design.
6. This subclass of specification contracts is sometimes known as “normal” designs [14, 21]. The theory of reactive designs [6], mentioned on page 7, is not an embedding of normal designs, since a reactive design can mention the after-value of the trace variable in its precondition. To see this, consider the precondition in the reactive design for the CSP process . This process can diverge, but only after an -event. The process’s precondition records the circumstances under which the process will not diverge: . In words: “Don’t press the button, or else we crash!”.
7. The notation and come from the separating simulation operator in UTP’s parallel-by-merge [31, Sect. 7.2], which is being used here to combine probability distributions.
8. This case analysis is present in [24], although its purpose is not explained there.
9. The expression is Z’s domain restriction operator [53, p. 98]: the domain restriction of a relation to a set relates to if and only if relates to and is a member of .
10. We have already begun work on the mechanisation of the proofs in Isabelle/UTP. Early indications show that the meticulous detail in the hand-written proofs is very helpful in the mechanisation.
References
Alur, R., Henzinger, T.A.: Reactive modules. Formal Methods Syst. Des. 15(1), 7–48 (1999)
Bousmalis, K.: Closing the simulation-to-reality gap for deep robotic learning (2019). Google AI Blog http://ai.googleblog.com/2017/10/closing-simulation-to-reality-gap-for.html
Brunner, S.G., Steinmetz, F., Belder, R., Dömel, A.: RAFCON: a graphical tool for engineering complex, robotic tasks. In: 2016 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2016, Daejeon, South Korea, 9–14 October 2016, pp. 3283–3290 (2016)
Cavalcanti, A., Ribeiro, P., Miyazawa, A., Sampaio, A., Filho, M.C., Didier, A.: RoboSim: Reference Manual (2019). www.cs.york.ac.uk/robostar/robosim/robosim-reference.pdf
Cavalcanti, A., Sampaio, A., Woodcock, J.: Refinement of actions in Circus. Electr. Notes Theor. Comput. Sci. 70(3), 132–162 (2002)
Cavalcanti, A., Woodcock, J.: A tutorial introduction to CSP in Unifying Theories of Programming. In: Cavalcanti, A., Sampaio, A., Woodcock, J. (eds.) PSSE 2004. LNCS, vol. 3167, pp. 220–268. Springer, Heidelberg (2006). https://doi.org/10.1007/11889229_6
Dhouib, S., Kchir, S., Stinckwich, S., Ziadi, T., Ziane, M.: RobotML, a domain-specific language to design, simulate and deploy robotic applications. In: Noda, I., Ando, N., Brugali, D., Kuffner, J.J. (eds.) SIMPAR 2012. LNCS (LNAI), vol. 7628, pp. 149–160. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-34327-8_16
Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Upper Saddle River (1976)
FDR: Failures-Divergences Refinement. www.cs.ox.ac.uk/projects/fdr/
Conserva Filho, M.S., Marinho, R., Mota, A., Woodcock, J.: Analysing RoboChart with probabilities. In: Massoni, T., Mousavi, M.R. (eds.) SBMF 2018. LNCS, vol. 11254, pp. 198–214. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03044-5_13
Fischler, M.A., Bolles, R.C.: Random sample consensus: a paradigm for model fitting with applications to image analysis and automated cartography. Commun. ACM 24(6), 381–395 (1981)
Fitzgerald, J.S., Gamble, C., Larsen, P.G., Pierce, K., Woodcock, J.: Cyber-physical systems design: Formal foundations, methods and integrated tool chains. In: Gnesi, S., Plat, N. (eds.) 3rd IEEE/ACM FME Workshop on Formal Methods in Software Engineering, FormaliSE 2015, Florence, 18 May 2015, pp. 40–46. IEEE Computer Society (2015)
Foster, S., Baxter, J., Cavalcanti, A., Miyazawa, A., Woodcock, J.: Automating verification of state machines with reactive designs and Isabelle/UTP. In: Bae, K., Ölveczky, P.C. (eds.) FACS 2018. LNCS, vol. 11222, pp. 137–155. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-02146-7_7
Foster, S., Cavalcanti, A., Canham, S., Woodcock, J., Zeyda, F.: Unifying theories of reactive design contracts. CoRR abs/1712.10233 (2017). arxiv.org/abs/1712.10233
Foster, S., Cavalcanti, A., Woodcock, J., Zeyda, F.: Unifying theories of time with generalised reactive processes. Inf. Process. Lett. 135, 47–52 (2018)
Foster, S., Woodcock, J.: Unifying theories of programming in Isabelle. In: Liu, Z., Woodcock, J., Zhu, H. (eds.) Unifying Theories of Programming and Formal Engineering Methods. LNCS, vol. 8050, pp. 109–155. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39721-9_3
Foster, S., Woodcock, J.: Towards verification of cyber-physical systems with UTP and Isabelle/HOL. In: Gibson-Robinson, T., Hopcroft, P., Lazić, R. (eds.) Concurrency, Security, and Puzzles. LNCS, vol. 10160, pp. 39–64. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-51046-0_3
Foster, S., Zeyda, F., Nemouchi, Y., Ribeiro, P., Wolff, B.: Isabelle/UTP: mechanised theory engineering for unifying theories of programming. Arch. Formal Proofs (2019)
Foster, S., Zeyda, F., Woodcock, J.: Isabelle/UTP: a mechanised theory engineering framework. In: Naumann, D. (ed.) UTP 2014. LNCS, vol. 8963, pp. 21–41. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14806-9_2
Goldsmith, M.: CSP: the best concurrent-system description language in the world–probably! In: Communicating Process Architectures, pp. 227–232 (2004)
Guttmann, W., Möller, B.: Normal design algebra. J. Log. Algebr. Program. 79(2), 144–173 (2010)
Harel, D.: Statecharts: a visual formalism for complex systems. Sci. Comput. Program. 8(3), 231–274 (1987)
Harwood, W., Cavalcanti, A., Woodcock, J.: A theory of pointers for the UTP. In: Fitzgerald, J.S., Haxthausen, A.E., Yenigun, H. (eds.) ICTAC 2008. LNCS, vol. 5160, pp. 141–155. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85762-4_10
Jifeng, H., Morgan, C., McIver, A.: Deriving probabilistic semantics via the ‘Weakest Completion’. In: Davies, J., Schulte, W., Barnett, M. (eds.) ICFEM 2004. LNCS, vol. 3308, pp. 131–145. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30482-1_17
Hehner, E.C.R.: Predicative programming, part I. Commun. ACM 27(2), 134–143 (1984)
Hehner, E.C.R.: Predicative programming, part II. Commun. ACM 27(2), 144–151 (1984)
Hehner, E.C.R., Gupta, L.E., Malton, A.J.: Predicative methodology. Acta Inf. 23(5), 487–505 (1986)
Hilder, J.A., et al.: Chemical detection using the receptor density algorithm. IEEE Trans. Syst. Man Cybern. Part C 42(6), 1730–1741 (2012)
Hoare, C.A.R.: Programs are predicates. In: FGCS, pp. 211–218 (1992)
Hoare, C.A.R., He, J.: The weakest prespecification. Inf. Process. Lett. 24(2), 127–132 (1987)
Hoare, C.A.R., He, J.: Unifying Theories of Programming. Prentice Hall, Upper Saddle River (1998)
Jakobi, N., Husbands, P., Harvey, I.: Noise and the reality gap: the use of simulation in evolutionary robotics. In: Morán, F., Moreno, A., Merelo, J.J., Chacón, P. (eds.) ECAL 1995. LNCS, vol. 929, pp. 704–720. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-59496-5_337
Jansen, D.N., Hermanns, H., Katoen, J.-P.: A probabilistic extension of UML statecharts. In: Damm, W., Olderog, E.-R. (eds.) FTRTFT 2002. LNCS, vol. 2469, pp. 355–374. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45739-9_21
Jansen, D.: Extensions of Statecharts with probability, time, and stochastic timing. Ph.D. thesis, University of Twente (2003)
Kwiatkowska, M.Z., Norman, G., Parker, D.: PRISM: probabilistic symbolic model checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46029-2_13
Larsen, P.G., et al.: Integrated tool chain for model-based design of cyber-physical systems: the INTO-CPS project. In: 2016 2nd International Workshop on Modelling, Analysis, and Control of Complex CPS, CPS Data 2016, Vienna, 11 April 2016, pp. 1–6. IEEE Computer Society (2016)
Lee, E.A., Seshia, S.A.: Introduction to Embedded Systems: A Cyber-Physical Systems Approach, 2nd edn. The MIT Press, Cambridge (2016)
Liu, Y., Sun, J., Dong, J.S.: PAT 3: an extensible architecture for building multi-domain model checkers. In: Dohi, T., Cukic, B. (eds.) IEEE 22nd International Symposium on Software Reliability Engineering, ISSRE 2011, Hiroshima, 29 November–2 December 2011, pp. 190–199. IEEE Computer Society (2011)
Miyazawa, A.: RoboTool: RoboChart Tool Manual. University of York (2018). http://tinyurl.com/RoboTool-Manual
Miyazawa, A., Ribeiro, P., Li, W., Cavalcanti, A., Timmis, J.: Automatic property checking of robotic applications. In: 2017 IEEE/RSJ International Conference on Intelligent Robots and Systems, IROS 2017, Vancouver, 24–28 September 2017, pp. 3869–3876 (2017)
Miyazawa, A., Ribeiro, P., Li, W., Cavalcanti, A., Timmis, J., Woodcock, J.: RoboChart: modelling and verification of the functional behaviour of robotic applications. Softw. Syst. Model. 18, 3097–3149 (2019)
Nipkow, T., Wenzel, M., Paulson, L.C.: Isabelle/HOL—A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45949-9
Nokovic, B., Sekerinski, E.: Verification and code generation for timed transitions in pCharts. In: Desai, B.C. (ed.) International C* Conference on Computer Science & Software Engineering, C3S2E 2014, Montreal, 3–5 August 2014, pp. 3:1–3:10. ACM (2014)
Object Management Group: OMG Unified Modeling Language (OMG UML), superstructure, version 2.4.1
Oliveira, M., Cavalcanti, A., Woodcock, J.: A denotational semantics for Circus. Electr. Notes Theor. Comput. Sci. 187, 107–123 (2007)
Oliveira, M., Cavalcanti, A., Woodcock, J.: A UTP semantics for Circus. Formal Asp. Comput. 21(1–2), 3–32 (2009)
Pembeci, I., Nilsson, H., Hager, G.D.: Functional reactive robotics: an exercise in principled integration of domain-specific languages. In: Proceedings of the 4th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming, 6–8 October 2002, Pittsburgh (Affiliated with PLI 2002), pp. 168–179 (2002)
Ribeiro, P., Miyazawa, A., Li, W., Cavalcanti, A., Timmis, J.: Modelling and verification of timed robotic controllers. In: Polikarpova, N., Schneider, S. (eds.) IFM 2017. LNCS, vol. 10510, pp. 18–33. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66845-1_2
RoboCalc. www.cs.york.ac.uk/circus/RoboCalc
RoboCalc Project: The foraging robot example. University of York (2019). http://tinyurl.com/y4h9aq2l
Roscoe, A.W.: On the expressive power of CSP refinement. Formal Asp. Comput. 17(2), 93–112 (2005)
Roscoe, A.W.: Understanding Concurrent Systems. Texts in Computer Science. Springer, Heidelberg (2010). https://doi.org/10.1007/978-1-84882-258-0
Spivey, J.: The Z Notation: A Reference Manual, 2nd edn. Prentice-Hall, Upper Saddle River (1989)
V-REP: Virtual Robot Experimentation Platform, User Manual, Version 3.6.1. www.coppeliarobotics.com/helpFiles/en/importExport.htm
Wächter, M., Ottenhaus, S., Kröhnert, M., Vahrenkamp, N., Asfour, T.: The ArmarX Statechart concept: graphical programming of robot behavior. Front. Robot. AI 3, 33 (2016)
Webots: Reference Manual, Rel. R2019a. www.cyberbotics.com/doc/reference/
Winfield, A.F.T.: Foraging robots. In: Meyers, R.A. (ed.) Encyclopedia of Complexity and Systems Science, pp. 3682–3700. Springer, Heidelberg (2009). https://doi.org/10.1007/978-0-387-30440-3_217
Woodcock, J.: Engineering UToPiA: formal semantics for CML. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 22–41. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06410-9_3
Woodcock, J., Cavalcanti, A.: A tutorial introduction to designs in unifying theories of programming. In: Boiten, E.A., Derrick, J., Smith, G. (eds.) IFM 2004. LNCS, vol. 2999, pp. 40–66. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24756-2_4
Woodcock, J., Foster, S.: UTP by example: designs. In: Bowen, J.P., Liu, Z., Zhang, Z. (eds.) SETSS 2016. LNCS, vol. 10215, pp. 16–50. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56841-6_2
Woodcock, J., Foster, S., Butterfield, A.: Heterogeneous semantics and unifying theories. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 374–394. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_26
Woodcock, J.C.P., Morgan, C.: Refinement of state-based concurrent systems. In: Bjørner, D., Hoare, C.A.R., Langmaack, H. (eds.) VDM 1990. LNCS, vol. 428, pp. 340–351. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-52513-0_18
Zave, P., Jackson, M.: Conjunction as composition. ACM Trans. Softw. Eng. Methodol. 2(4), 379–411 (1993)
Zhang, S.J., Liu, Y.: An automatic approach to model checking UML state machines. In: Fourth International Conference on Secure Software Integration and Reliability Improvement, SSIRI 2010, Singapore, 9–11 June 2010, pp. 1–6. IEEE Computer Society (2010)
Zhao, Y., Yang, Z., Xie, J., Liu, Q.: Quantitative analysis of system based on extended UML state diagrams and probabilistic model checking. JSW 5(7), 793–800 (2010)
Acknowledgements
This work was funded under EPSRC grant EP/M025756/1 on A Calculus for Software Engineering of Mobile and Autonomous Robots, Royal Society grant Requirements Modelling for Cyber-Physical Systems, and a Royal Academy of Engineering Chair in Emerging Technologies. We are grateful for very helpful feedback from the reviewers that helped us clarify the exposition of our ideas in this paper (including the explanation of the connection between weakest precondition and weakest prespecification in Appendix A). We have benefited from discussions with Riccardo Bresciani, Andrew Butterfield, Ana Cavalcanti, Tony Hoare, Lydia Hughes, Zhiming Liu, Alvaro Miyazawa, and Augusto Sampaio. We are especially grateful to He Jifeng, Annabelle McIver, and Carroll Morgan for their beautiful ideas. The work in this paper was first presented at the IFIP WG 2.3 (Programming Methodology) meeting in York in February 2019 and at a Royal Society/National Natural Science Foundation of China workshop at Southwest University (Chongqing) in May 2019.
A Connecting Weakest Preconditions and Prespecifications
Weakest preconditions and prespecifications each arise as the weakest solution of an inequality in three variables. Both have a conjunction on the implementation side. The inequality for the weakest precondition is stated as , but this is equivalent to (1). The inequality for the weakest prespecification is stated as , but this is equivalent to (2). The two inequalities have the same essential structure. Hoare & He go further and note as a conjecture that the two predicate transformers are almost identical when the first argument mentions only dashed variables: . The conjecture is easily proved.
This result means that the weakest prespecification subsumes the weakest precondition and so could be used to give its definition: .
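As an added illustration (not code from the paper), the following finite-state Python model computes both transformers over relations and checks the conjecture exhaustively. The state space and program P are constructed; the definitions implemented are the standard relational weakest precondition and Hoare & He's weakest prespecification P\R (the weakest X with X;P ⊆ R), not the paper's own inequalities (1) and (2), which are not reproduced on this page.

```python
from itertools import combinations

# Constructed finite model: states are small ints, a relation is a set of
# (before, after) pairs, and a condition is a set of states.
STATES = frozenset({0, 1, 2, 3})

# Constructed sample program P: nondeterministic from state 0, total on STATES.
P = {(0, 1), (0, 2), (1, 3), (2, 0), (3, 3)}

def compose(x, p):
    """Relational composition X;P."""
    return {(s, t) for (s, m) in x for (m2, t) in p if m == m2}

def wp(p, q):
    """Weakest precondition: start states from which every P-outcome lies in q."""
    return {s for s in STATES if all(t in q for (s2, t) in p if s2 == s)}

def lift(q):
    """A relation mentioning only the dashed (after) variable: any start, after-state in q."""
    return {(s, t) for s in STATES for t in q}

def weakest_prespec(p, r):
    """Hoare & He's weakest prespecification P\\R = not(not R ; converse P):
    (s, m) is in P\\R iff every P-outcome t of m satisfies (s, t) in R."""
    return {(s, m) for s in STATES for m in STATES
            if all((s, t) in r for (m2, t) in p if m2 == m)}

def is_weakest_solution(p, r, x):
    """x solves x;P ⊆ r and no single pair can be added without breaking it.
    Since X;P is monotone in X, this certifies x is the weakest (largest) solution."""
    if not compose(x, p) <= r:
        return False
    all_pairs = {(s, m) for s in STATES for m in STATES}
    return all(not compose(x | {pair}, p) <= r for pair in all_pairs - x)

def conjecture_holds(p, q):
    """When R constrains only the after-state, P\\R is wp(P, q) read as a relation:
    every start state is related to exactly the states in wp(P, q)."""
    return weakest_prespec(p, lift(q)) == {(s, m) for s in STATES for m in wp(p, q)}

def conjecture_holds_everywhere(p):
    """Check the coincidence for every condition q over the finite state space."""
    subsets = [set(c) for k in range(len(STATES) + 1)
               for c in combinations(sorted(STATES), k)]
    return all(conjecture_holds(p, q) for q in subsets)

if __name__ == "__main__":
    print(sorted(wp(P, {0, 3})))                # [1, 2, 3]
    print(conjecture_holds_everywhere(P))       # True
    # An R that mentions both variables: the prespecification then depends on s.
    R = {(s, t) for s in STATES for t in STATES if s != t}
    X = weakest_prespec(P, R)
    print(is_weakest_solution(P, R, X), (0, 0) in X, (1, 0) in X)   # True True False
```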
© 2019 Springer Nature Switzerland AG
Woodcock, J., Cavalcanti, A., Foster, S., Mota, A., Ye, K. (2019). Probabilistic Semantics for RoboChart. In: Ribeiro, P., Sampaio, A. (eds) Unifying Theories of Programming. UTP 2019. Lecture Notes in Computer Science(), vol 11885. Springer, Cham. https://doi.org/10.1007/978-3-030-31038-7_5
DOI: https://doi.org/10.1007/978-3-030-31038-7_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-31037-0
Online ISBN: 978-3-030-31038-7