SEQUENTIAL DESIGN IN CLINICAL TRIALS Ping Gao1, James H. Ware2, and Cyrus Mehta23 1Biostatistics, The Medicines Company, Parsippany, New Jersey, USA 2Harvard School of Public Health, Boston, Massachusetts, USA 3Cytel Corporation, Cambridge, Massachusetts, USA There is considerable interest in methods that use accumulated data to modify trial sample size. Basic Characteristics. Design can be based on either or both perspectives. Research problems can become research questions and/or hypotheses based on prior literature, knowledge, experience, or the research process. Sample sizes vary based on methods used. Data collection can involve any technique available to researchers.

In software engineering, a software development process is the process of dividing software development work into distinct phases to improve design, product management, and project management. It is also known as a software development life cycle. The methodology may include the pre-definition of specific deliverables and artifacts that are created and completed by a project team to develop or maintain an application.^[1]

Most modern development processes can be vaguely described as agile. Other methodologies include waterfall, prototyping, iterative and incremental development, spiral development, rapid application development, and extreme programming.

Some people consider a life-cycle 'model' a more general term for a category of methodologies and a software development 'process' a more specific term to refer to a specific process chosen by a specific organization. For example, there are many specific software development processes that fit the spiral life-cycle model. The field is often considered a subset of the systems development life cycle.

• 2Practices
• 3Methodologies

History[edit]

The software development methodology (also known as SDM) framework didn't emerge until the 1960s. According to Elliott (2004) the systems development life cycle (SDLC) can be considered to be the oldest formalized methodology framework for building information systems. The main idea of the SDLC has been 'to pursue the development of information systems in a very deliberate, structured and methodical way, requiring each stage of the life cycle––from inception of the idea to delivery of the final system––to be carried out rigidly and sequentially'^[2] within the context of the framework being applied. The main target of this methodology framework in the 1960s was 'to develop large scale functional business systems in an age of large scale business conglomerates. Information systems activities revolved around heavy data processing and number crunching routines'.^[2]

Methodologies, processes, and frameworks range from specific proscriptive steps that can be used directly by an organization in day-to-day work, to flexible frameworks that an organization uses to generate a custom set of steps tailored to the needs of a specific project or group. In some cases a 'sponsor' or 'maintenance' organization distributes an official set of documents that describe the process. Specific examples include:

1970s

• Structured programming since 1969
• Cap Gemini SDM, originally from PANDATA, the first English translation was published in 1974. SDM stands for System Development Methodology

1980s

• Structured systems analysis and design method (SSADM) from 1980 onwards

1990s

• Object-oriented programming (OOP) developed in the early 1960s, and became a dominant programming approach during the mid-1990s
• Rapid application development (RAD), since 1991
• Dynamic systems development method (DSDM), since 1994
• Scrum, since 1995
• Team software process, since 1998
• Rational Unified Process (RUP), maintained by IBM since 1998
• Extreme programming, since 1999

2000s

• Agile Unified Process (AUP) maintained since 2005 by Scott Ambler
• Disciplined agile delivery (DAD) Supersedes AUP

2010s

• Scaled Agile Framework (SAFe)
• Large-Scale Scrum (LeSS)

It is notable that since DSDM in 1994, all of the methodologies on the above list except RUP have been agile methodologies - yet many organisations, especially governments, still use pre-agile processes (often waterfall or similar). Software process and software quality are closely interrelated; some unexpected facets and effects have been observed in practice ^[3]

Since the early 2000s scaling agile delivery processes has become the biggest challenge for teams using agile processes.^[4]

Among these another software development process has been established in open source. The adoption of these best practices known and established processes within the confines of a company is called inner source.

Practices[edit]

Several software development approaches have been used since the origin of information technology, in two main categories^{[citation needed]}. Typically an approach or a combination of approaches is chosen by management or a development team^{[citation needed]}.

'Traditional' methodologies such as waterfall that have distinct phases are sometimes known as software development life cycle (SDLC) methodologies^{[citation needed]}, though this term could also be used more generally to refer to any methodology. A 'life cycle' approach with distinct phases is in contrast to Agile approaches which define a process of iteration, but where design, construction, and deployment of different pieces can occur simultaneously^{[citation needed]}.

Continuous integration[edit]

Continuous integration is the practice of merging all developer working copies to a shared mainline several times a day.^[5]Grady Booch first named and proposed CI in his 1991 method,^[6] although he did not advocate integrating several times a day. Extreme programming (XP) adopted the concept of CI and did advocate integrating more than once per day – perhaps as many as tens of times per day.

Prototyping[edit]

Software prototyping is about creating prototypes, i.e. incomplete versions of the software program being developed.

The basic principles are:^[1]

• Prototyping is not a standalone, complete development methodology, but rather an approach to try out particular features in the context of a full methodology (such as incremental, spiral, or rapid application development (RAD)).
• Attempts to reduce inherent project risk by breaking a project into smaller segments and providing more ease-of-change during the development process.
• The client is involved throughout the development process, which increases the likelihood of client acceptance of the final implementation.
• While some prototypes are developed with the expectation that they will be discarded, it is possible in some cases to evolve from prototype to working system.

A basic understanding of the fundamental business problem is necessary to avoid solving the wrong problems, but this is true for all software methodologies.

Incremental development[edit]

Various methods are acceptable for combining linear and iterative systems development methodologies, with the primary objective of each being to reduce inherent project risk by breaking a project into smaller segments and providing more ease-of-change during the development process.

There are three main variants of incremental development:^[1]

1. A series of mini-Waterfalls are performed, where all phases of the Waterfall are completed for a small part of a system, before proceeding to the next increment, or
2. Overall requirements are defined before proceeding to evolutionary, mini-Waterfall development of individual increments of a system, or
3. The initial software concept, requirements analysis, and design of architecture and system core are defined via Waterfall, followed by incremental implementation, which culminates in installing the final version, a working system.

Rapid application development[edit]

Rapid application development (RAD) is a software development methodology, which favors iterative development and the rapid construction of prototypes instead of large amounts of up-front planning. The 'planning' of software developed using RAD is interleaved with writing the software itself. The lack of extensive pre-planning generally allows software to be written much faster, and makes it easier to change requirements.

The rapid development process starts with the development of preliminary data models and business process models using structured techniques. In the next stage, requirements are verified using prototyping, eventually to refine the data and process models. These stages are repeated iteratively; further development results in 'a combined business requirements and technical design statement to be used for constructing new systems'.^[7]

The term was first used to describe a software development process introduced by James Martin in 1991. According to Whitten (2003), it is a merger of various structured techniques, especially refers to a group of software development methodologies based on iterative development, where requirements and solutions evolve via collaboration between self-organizing cross-functional teams. The term was coined in the year 2001 when the Agile Manifesto was formulated.

Agile software development uses iterative development as a basis but advocates a lighter and more people-centric viewpoint than traditional approaches. Agile processes fundamentally incorporate iteration and the continuous feedback that it provides to successively refine and deliver a software system.

There are many agile methodologies, including:

• Dynamic systems development method (DSDM)

Waterfall development[edit]

The waterfall model is a sequential development approach, in which development is seen as flowing steadily downwards (like a waterfall) through several phases, typically:

• Requirements analysis resulting in a software requirements specification
• Integration, if there are multiple subsystems
• Deployment (or Installation)

The first formal description of the method is often cited as an article published by Winston W. Royce^[8] in 1970 although Royce did not use the term 'waterfall' in this article. Royce presented this model as an example of a flawed, non-working model.^[9]

The basic principles are:^[1]

• Project is divided into sequential phases, with some overlap and splashback acceptable between phases.
• Emphasis is on planning, time schedules, target dates, budgets and implementation of an entire system at one time.
• Tight control is maintained over the life of the project via extensive written documentation, formal reviews, and approval/signoff by the user and information technology management occurring at the end of most phases before beginning the next phase. Written documentation is an explicit deliverable of each phase.

The waterfall model is a traditional engineering approach applied to software engineering. A strict waterfall approach discourages revisiting and revising any prior phase once it is complete. This 'inflexibility' in a pure waterfall model has been a source of criticism by supporters of other more 'flexible' models. It has been widely blamed for several large-scale government projects running over budget, over time and sometimes failing to deliver on requirements due to the Big Design Up Front approach. Except when contractually required, the waterfall model has been largely superseded by more flexible and versatile methodologies developed specifically for software development. See Criticism of Waterfall model.

Spiral development[edit]

In 1988, Barry Boehm published a formal software system development 'spiral model,' which combines some key aspect of the waterfall model and rapid prototyping methodologies, in an effort to combine advantages of top-down and bottom-up concepts. It provided emphasis in a key area many felt had been neglected by other methodologies: deliberate iterative risk analysis, particularly suited to large-scale complex systems.

The basic principles are:^[1]

• Focus is on risk assessment and on minimizing project risk by breaking a project into smaller segments and providing more ease-of-change during the development process, as well as providing the opportunity to evaluate risks and weigh consideration of project continuation throughout the life cycle.
• 'Each cycle involves a progression through the same sequence of steps, for each part of the product and for each of its levels of elaboration, from an overall concept-of-operation document down to the coding of each individual program.'^[10]
• Each trip around the spiral traverses four basic quadrants: (1) determine objectives, alternatives, and constraints of the iteration; (2) evaluate alternatives; Identify and resolve risks; (3) develop and verify deliverables from the iteration; and (4) plan the next iteration.^[11]
• Begin each cycle with an identification of stakeholders and their 'win conditions', and end each cycle with review and commitment.^[12]

Offshore development[edit]

Offshore custom software development aims at dispatching the software development process over various geographical areas to optimize project spending by capitalizing on countries with lower salaries and operating costs. Geographically distributed teams can be integrated at any point of the software development process through custom hybrid models.^[13]

Other[edit]

Other high-level software project methodologies include:

• Behavior-driven development and business process management^[14]
• Chaos model - The main rule is always resolve the most important issue first.
• Incremental funding methodology - an iterative approach
• Lightweight methodology - a general term for methods that only have a few rules and practices
• Structured systems analysis and design method - a specific version of waterfall
• Slow programming, as part of the larger Slow Movement, emphasizes careful and gradual work without (or minimal) time pressures. Slow programming aims to avoid bugs and overly quick release schedules.
• V-Model (software development) - an extension of the waterfall model
• Unified Process (UP) is an iterative software development methodology framework, based on Unified Modeling Language (UML). UP organizes the development of software into four phases, each consisting of one or more executable iterations of the software at that stage of development: inception, elaboration, construction, and guidelines. Many tools and products exist to facilitate UP implementation. One of the more popular versions of UP is the Rational Unified Process (RUP).

Process meta-models[edit]

Some 'process models' are abstract descriptions for evaluating, comparing, and improving the specific process adopted by an organization.

• ISO/IEC 12207 is the international standard describing the method to select, implement, and monitor the life cycle for software.
• The Capability Maturity Model Integration (CMMI) is one of the leading models and based on best practice. Independent assessments grade organizations on how well they follow their defined processes, not on the quality of those processes or the software produced. CMMI has replaced CMM.
• ISO 9000 describes standards for a formally organized process to manufacture a product and the methods of managing and monitoring progress. Although the standard was originally created for the manufacturing sector, ISO 9000 standards have been applied to software development as well. Like CMMI, certification with ISO 9000 does not guarantee the quality of the end result, only that formalized business processes have been followed.
• ISO/IEC 15504Information technology — Process assessment also known as Software Process Improvement Capability Determination (SPICE), is a 'framework for the assessment of software processes'. This standard is aimed at setting out a clear model for process comparison. SPICE is used much like CMMI. It models processes to manage, control, guide and monitor software development. This model is then used to measure what a development organization or project team actually does during software development. This information is analyzed to identify weaknesses and drive improvement. It also identifies strengths that can be continued or integrated into common practice for that organization or team.
• ISO/IEC 24744Software Engineering — Metamodel for Development Methodologies, is a powertype-based metamodel for software development methodologies.
• SPEM 2.0 by the Object Management Group
• Soft systems methodology - a general method for improving management processes
• Method engineering - a general method for improving information system processes

In practice[edit]

A variety of such frameworks have evolved over the years, each with its own recognized strengths and weaknesses. One software development methodology framework is not necessarily suitable for use by all projects. Each of the available methodology frameworks are best suited to specific kinds of projects, based on various technical, organizational, project and team considerations.^[1]

Software development organizations implement process methodologies to ease the process of development. Sometimes, contractors may require methodologies employed, an example is the U.S. defense industry, which requires a rating based on process models to obtain contracts. The international standard for describing the method of selecting, implementing and monitoring the life cycle for software is ISO/IEC 12207.

A decades-long goal has been to find repeatable, predictable processes that improve productivity and quality. Some try to systematize or formalize the seemingly unruly task of designing software. Others apply project management techniques to designing software. Large numbers of software projects do not meet their expectations in terms of functionality, cost, or delivery schedule - see List of failed and overbudget custom software projects for some notable examples.

Organizations may create a Software Engineering Process Group (SEPG), which is the focal point for process improvement. Composed of line practitioners who have varied skills, the group is at the center of the collaborative effort of everyone in the organization who is involved with software engineering process improvement.

A particular development team may also agree to programming environment details, such as which integrated development environment is used, and one or more dominant programming paradigms, programming style rules, or choice of specific software libraries or software frameworks. These details are generally not dictated by the choice of model or general methodology.

See also[edit]

• Computer-aided software engineering (some of these tools support specific methodologies)

References[edit]

1. ^ ^abcdefgCenters for Medicare & Medicaid Services (CMS) Office of Information Service (2008). Selecting a development approach. Webarticle. United States Department of Health and Human Services (HHS). Re-validated: March 27, 2008. Retrieved 27 Oct 2008.
2. ^ ^abGeoffrey Elliott (2004) Global Business Information Technology: an integrated systems approach. Pearson Education. p.87.
3. ^Suryanarayana, Girish (2015). 'Software Process versus Design Quality: Tug of War?'. IEEE Software. 32 (4): 7–11. doi:10.1109/MS.2015.87.
4. ^saeeda, Hina; Khalid, Hannan; Ahmed, Mukhtar; Sameer, Abu; Arif, Fahim (2015-09-01). 'Systematic Literature Review of Agile Scalability for Large Scale Projects'. ResearchGate. 6 (9). CiteSeerX10.1.1.695.4994. doi:10.14569/IJACSA.2015.060908. ISSN2156-5570.
5. ^'Continuous Integration'.
6. ^Booch, Grady (1991). Object Oriented Design: With Applications. Benjamin Cummings. p. 209. ISBN9780805300918. Retrieved 18 August 2014.
7. ^ ^abWhitten, Jeffrey L.; Lonnie D. Bentley, Kevin C. Dittman. (2003). Systems Analysis and Design Methods. 6th edition. ISBN0-256-19906-X.
8. ^Wasserfallmodell > Entstehungskontext, Markus Rerych, Institut für Gestaltungs- und Wirkungsforschung, TU-Wien. Accessed on line November 28, 2007.
9. ^Conrad Weisert, Waterfall methodology: there's no such thing!
10. ^Barry Boehm (1996)., 'A Spiral Model of Software Development and Enhancement'. In: ACM SIGSOFT Software Engineering Notes (ACM) 11(4):14-24, August 1986
11. ^Richard H. Thayer, Barry W. Boehm (1986). Tutorial: software engineering project management. Computer Society Press of the IEEE. p.130
12. ^Barry W. Boehm (2000). Software cost estimation with Cocomo II: Volume 1.
13. ^Stephanie Overby (1 October 2012). '7 Tips to Offshore Agile Development'. Cio.com. Retrieved 12 March 2019.
14. ^Lübke, Daniel; van Lessen, Tammo (2016). 'Modeling Test Cases in BPMN for Behavior-Driven Development'. IEEE Software. 33 (5): 15–21. doi:10.1109/MS.2016.117.

External links[edit]

• Selecting a development approach at cms.hhs.gov.
• Gerhard Fischer, 'The Software Technology of the 21st Century: From Software Reuse to Collaborative Software Design', 2001

In computer science, communicating sequential processes (CSP) is a formal language for describing patterns of interaction in concurrent systems.^[1] It is a member of the family of mathematical theories of concurrency known as process algebras, or process calculi, based on message passing via channels. CSP was highly influential in the design of the occam programming language,^[1][2] and also influenced the design of programming languages such as Limbo,^[3]RaftLib, Go,^[4]Crystal, and Clojure's core.async.^[5]

CSP was first described in a 1978 paper by Tony Hoare,^[6] but has since evolved substantially.^[7] CSP has been practically applied in industry as a tool for specifying and verifying the concurrent aspects of a variety of different systems, such as the T9000 Transputer,^[8] as well as a secure ecommerce system.^[9] The theory of CSP itself is also still the subject of active research, including work to increase its range of practical applicability (e.g., increasing the scale of the systems that can be tractably analyzed).^[10]

• 1History
• 2Informal description
• 3Formal definition
  • 3.2Formal semantics

History[edit]

The version of CSP presented in Hoare's original 1978 paper was essentially a concurrent programming language rather than a process calculus. It had a substantially different syntax than later versions of CSP, did not possess mathematically defined semantics,^[11] and was unable to represent unbounded nondeterminism.^[12] Programs in the original CSP were written as a parallel composition of a fixed number of sequential processes communicating with each other strictly through synchronous message-passing. In contrast to later versions of CSP, each process was assigned an explicit name, and the source or destination of a message was defined by specifying the name of the intended sending or receiving process. For example, the process

repeatedly receives a character from the process named west, and then sends that character to process named east. The parallel composition

assigns the names west to the DISASSEMBLE process, X to the COPY process, and east to the ASSEMBLE process, and executes these three processes concurrently.^[6]

Following the publication of the original version of CSP, Hoare, Stephen Brookes, and A. W. Roscoe developed and refined the theory of CSP into its modern, process algebraic form. The approach taken in developing CSP into a process algebra was influenced by Robin Milner's work on the Calculus of Communicating Systems (CCS), and vice versa. The theoretical version of CSP was initially presented in a 1984 article by Brookes, Hoare, and Roscoe,^[13] and later in Hoare's book Communicating Sequential Processes,^[11] which was published in 1985. In September 2006, that book was still the third-most citedcomputer science reference of all time according to Citeseer^{[citation needed]} (albeit an unreliable source due to the nature of its sampling). The theory of CSP has undergone a few minor changes since the publication of Hoare's book. Most of these changes were motivated by the advent of automated tools for CSP process analysis and verification. Roscoe's The Theory and Practice of Concurrency^[1] describes this newer version of CSP.

Applications[edit]

An early and important application of CSP was its use for specification and verification of elements of the INMOS T9000 Transputer, a complex superscalar pipelined processor designed to support large-scale multiprocessing. CSP was employed in verifying the correctness of both the processor pipeline, and the Virtual Channel Processor which managed off-chip communications for the processor.^[8]

Industrial application of CSP to software design has usually focused on dependable and safety-critical systems. For example, the Bremen Institute for Safe Systems and Daimler-Benz Aerospace modeled a fault management system and avionics interface (consisting of some 23,000 lines of code) intended for use on the International Space Station in CSP, and analyzed the model to confirm that their design was free of deadlock and livelock.^[14][15] The modeling and analysis process was able to uncover a number of errors that would have been difficult to detect using testing alone. Similarly, Praxis High Integrity Systems applied CSP modeling and analysis during the development of software (approximately 100,000 lines of code) for a secure smart-card Certification Authority to verify that their design was secure and free of deadlock. Praxis claims that the system has a much lower defect rate than comparable systems.^[9]

Since CSP is well-suited to modeling and analyzing systems that incorporate complex message exchanges, it has also been applied to the verification of communications and security protocols. A prominent example of this sort of application is Lowe’s use of CSP and the FDR refinement-checker to discover a previously unknown attack on the Needham-Schroeder public-key authentication protocol, and then to develop a corrected protocol able to defeat the attack.^[16]

Informal description[edit]

As its name suggests, CSP allows the description of systems in terms of component processes that operate independently, and interact with each other solely through message-passing communication. However, the 'Sequential' part of the CSP name is now something of a misnomer, since modern CSP allows component processes to be defined both as sequential processes, and as the parallel composition of more primitive processes. The relationships between different processes, and the way each process communicates with its environment, are described using various process algebraic operators. Using this algebraic approach, quite complex process descriptions can be easily constructed from a few primitive elements.

Primitives[edit]

CSP provides two classes of primitives in its process algebra:

Events

Events represent communications or interactions. They are assumed to be indivisible and instantaneous. They may be atomic names (e.g. on, off), compound names (e.g. valve.open, valve.close), or input/output events (e.g. mouse?xy, screen!bitmap).

Primitive processes

Primitive processes represent fundamental behaviors: examples include STOP (the process that communicates nothing, also called deadlock), and SKIP (which represents successful termination).

Algebraic operators[edit]

CSP has a wide range of algebraic operators. The principal ones are:

Prefix

The prefix operator combines an event and a process to produce a new process. For example,

${\displaystyle a\to P}$

is the process which is willing to communicate a with its environment, and, after a, behaves like the process P.

Deterministic Choice

The deterministic (or external) choice operator allows the future evolution of a process to be defined as a choice between two component processes, and allows the environment to resolve the choice by communicating an initial event for one of the processes. For example,

${\displaystyle \left(a\to P\right)◻\left(b\to Q\right)}$

is the process which is willing to communicate the initial events a and b, and subsequently behaves as either P or Q depending on which initial event the environment chooses to communicate. If both a and b were communicated simultaneously the choice would be resolved nondeterministically.

Nondeterministic Choice

The nondeterministic (or internal) choice operator allows the future evolution of a process to be defined as a choice between two component processes, but does not allow the environment any control over which one of the component processes will be selected. For example,

${\displaystyle \left(a\to P\right)\sqcap \left(b\to Q\right)}$

can behave like either ${\displaystyle \left(a\to P\right)}$ or ${\displaystyle \left(b\to Q\right)}$. It can refuse to accept a or b, and is only obliged to communicate if the environment offers both a and b. Nondeterminism can be inadvertently introduced into a nominally deterministic choice if the initial events of both sides of the choice are identical. So, for example,

${\displaystyle \left(a\to a\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)◻\left(a\to b\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)}$

is equivalent to

${\displaystyle a\to \left(\left(a\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)\sqcap \left(b\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)\right)}$

Interleaving

The interleaving operator represents completely independent concurrent activity. The process

${\displaystyle PQ}$

behaves as both P and Q simultaneously. The events from both processes are arbitrarily interleaved in time.

Interface Parallel

The interface parallel operator represents concurrent activity that requires synchronization between the component processes: any event in the interface set can only occur when all component processes are able to engage in that event. For example, the process

${\displaystyle P\left[\left\{a\right\}\right]Q}$

requires that P and Q must both be able to perform event a before that event can occur. So, for example, the process

${\displaystyle \left(a\to P\right)\left[\left\{a\right\}\right]\left(a\to Q\right)}$

can engage in event a, and become the process

${\displaystyle P\left[\left\{a\right\}\right]Q}$

while

${\displaystyle \left(a\to P\right)\left[\left\{a,b\right\}\right]\left(b\to Q\right)}$

will simply deadlock.

Hiding

The hiding operator provides a way to abstract processes, by making some events unobservable. A trivial example of hiding is

${\displaystyle \left(a\to P\right)\setminus \left\{a\right\}}$

which, assuming that the event a doesn't appear in P, simply reduces to

${\displaystyle P}$

Examples[edit]

One of the archetypal CSP examples is an abstract representation of a chocolate vending machine and its interactions with a person wishing to buy some chocolate. This vending machine might be able to carry out two different events, “coin” and “choc” which represent the insertion of payment and the delivery of a chocolate respectively. A machine which demands payment (only in cash) before offering a chocolate can be written as:

${\displaystyle \mathrm{V}\mathrm{e}\mathrm{n}\mathrm{d}\mathrm{i}\mathrm{n}\mathrm{g}\mathrm{M}\mathrm{a}\mathrm{c}\mathrm{h}\mathrm{i}\mathrm{n}\mathrm{e}=\mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n}\to \mathrm{c}\mathrm{h}\mathrm{o}\mathrm{c}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}}$

A person who might choose to use a coin or card to make payments could be modelled as:

${\displaystyle \mathrm{P}\mathrm{e}\mathrm{r}\mathrm{s}\mathrm{o}\mathrm{n}=(\mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P})◻(\mathrm{c}\mathrm{a}\mathrm{r}\mathrm{d}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P})}$

These two processes can be put in parallel, so that they can interact with each other. The behaviour of the composite process depends on the events that the two component processes must synchronise on. Thus,

${\displaystyle \mathrm{V}\mathrm{e}\mathrm{n}\mathrm{d}\mathrm{i}\mathrm{n}\mathrm{g}\mathrm{M}\mathrm{a}\mathrm{c}\mathrm{h}\mathrm{i}\mathrm{n}\mathrm{e}\left[\left\{\mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n},\mathrm{c}\mathrm{a}\mathrm{r}\mathrm{d}\right\}\right]\mathrm{P}\mathrm{e}\mathrm{r}\mathrm{s}\mathrm{o}\mathrm{n}\equiv \mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n}\to \mathrm{c}\mathrm{h}\mathrm{o}\mathrm{c}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}}$

whereas if synchronization was only required on “coin”, we would obtain

${\displaystyle \mathrm{V}\mathrm{e}\mathrm{n}\mathrm{d}\mathrm{i}\mathrm{n}\mathrm{g}\mathrm{M}\mathrm{a}\mathrm{c}\mathrm{h}\mathrm{i}\mathrm{n}\mathrm{e}\left[\left\{\mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n}\right\}\right]\mathrm{P}\mathrm{e}\mathrm{r}\mathrm{s}\mathrm{o}\mathrm{n}\equiv \left(\mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n}\to \mathrm{c}\mathrm{h}\mathrm{o}\mathrm{c}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)◻\left(\mathrm{c}\mathrm{a}\mathrm{r}\mathrm{d}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)}$

If we abstract this latter composite process by hiding the “coin” and “card” events, i.e.

${\displaystyle \left(\left(\mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n}\to \mathrm{c}\mathrm{h}\mathrm{o}\mathrm{c}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)◻\left(\mathrm{c}\mathrm{a}\mathrm{r}\mathrm{d}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)\right)\setminus \left\{\mathrm{c}\mathrm{o}\mathrm{i}\mathrm{n},\mathrm{c}\mathrm{a}\mathrm{r}\mathrm{d}\right\}}$

we get the nondeterministic process

${\displaystyle \left(\mathrm{c}\mathrm{h}\mathrm{o}\mathrm{c}\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)\sqcap \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}}$

This is a process which either offers a “choc” event and then stops, or just stops. In other words, if we treat the abstraction as an external view of the system (e.g., someone who does not see the decision reached by the person), nondeterminism has been introduced.

Formal definition[edit]

Syntax[edit]

The syntax of CSP defines the “legal” ways in which processes and events may be combined. Let e be an event, and X be a set of events. Then the basic syntax of CSP can be defined as:

Note that, in the interests of brevity, the syntax presented above omits the ${\displaystyle \mathbf{d}\mathbf{i}\mathbf{v}}$ process, which represents divergence, as well as various operators such as alphabetized parallel, piping, and indexed choices.

Formal semantics[edit]

CSP has been imbued with several different formal semantics, which define the meaning of syntactically correct CSP expressions. The theory of CSP includes mutually consistent denotational semantics, algebraic semantics, and operational semantics.

Denotational semantics[edit]

The three major denotational models of CSP are the traces model, the stable failures model, and the failures/divergences model. Semantic mappings from process expressions to each of these three models provide the denotational semantics for CSP.^[1]

The traces model defines the meaning of a process expression as the set of sequences of events (traces) that the process can be observed to perform. For example,

• ${\displaystyle \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(\mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)=\left\{⟨⟩\right\}}$ since ${\displaystyle \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}}$ performs no events
• ${\displaystyle \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(a\to b\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)=\left\{⟨⟩,⟨a⟩,⟨a,b⟩\right\}}$ since the process ${\displaystyle (a\to b\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P})}$ can be observed to have performed no events, the event a, or the sequence of events a followed by b

Film romance terbaik indonesia. More formally, the meaning of a process P in the traces model is defined as ${\displaystyle \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)\subseteq {\mathrm{\Sigma }}^{\ast }}$ such that:

1. ${\displaystyle ⟨⟩\in \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)}$ (i.e. ${\displaystyle \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)}$ contains the empty sequence)
2. ${\displaystyle s_1⌢s_2\in \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)⟹s_1\in \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)}$ (i.e. ${\displaystyle \mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)}$ is prefix-closed)

where ${\displaystyle {\mathrm{\Sigma }}^{\ast }}$ is the set of all possible finite sequences of events.

The stable failures model extends the traces model with refusal sets, which are sets of events ${\displaystyle X\subseteq \mathrm{\Sigma }}$ that a process can refuse to perform. A failure is a pair ${\displaystyle \left(s,X\right)}$, consisting of a trace s, and a refusal set X which identifies the events that a process may refuse once it has executed the trace s. The observed behavior of a process in the stable failures model is described by the pair ${\displaystyle \left(\mathrm{t}\mathrm{r}\mathrm{a}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right),\mathrm{f}\mathrm{a}\mathrm{i}\mathrm{l}\mathrm{u}\mathrm{r}\mathrm{e}\mathrm{s}\left(P\right)\right)}$. For example,

• ${\displaystyle \mathrm{f}\mathrm{a}\mathrm{i}\mathrm{l}\mathrm{u}\mathrm{r}\mathrm{e}\mathrm{s}\left(\left(a\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)◻\left(b\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)\right)=\left\{\left(⟨⟩,\mathrm{\varnothing }\right),\left(⟨a⟩,\left\{a,b\right\}\right),\left(⟨b⟩,\left\{a,b\right\}\right)\right\}}$
• ${\displaystyle \mathrm{f}\mathrm{a}\mathrm{i}\mathrm{l}\mathrm{u}\mathrm{r}\mathrm{e}\mathrm{s}\left(\left(a\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)\sqcap \left(b\to \mathrm{S}\mathrm{T}\mathrm{O}\mathrm{P}\right)\right)=\left\{\left(⟨⟩,\left\{a\right\}\right),\left(⟨⟩,\left\{b\right\}\right),\left(⟨a⟩,\left\{a,b\right\}\right),\left(⟨b⟩,\left\{a,b\right\}\right)\right\}}$

The failures/divergence model further extends the failures model to handle divergence. The semantics of a process in the failures/divergences model is a pair ${\displaystyle \left({\mathrm{f}\mathrm{a}\mathrm{i}\mathrm{l}\mathrm{u}\mathrm{r}\mathrm{e}\mathrm{s}}_{\perp }\left(P\right),\mathrm{d}\mathrm{i}\mathrm{v}\mathrm{e}\mathrm{r}\mathrm{g}\mathrm{e}\mathrm{n}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)\right)}$ where ${\displaystyle \mathrm{d}\mathrm{i}\mathrm{v}\mathrm{e}\mathrm{r}\mathrm{g}\mathrm{e}\mathrm{n}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)}$ is defined as the set of all traces that can lead to divergent behavior and ${\displaystyle {\mathrm{f}\mathrm{a}\mathrm{i}\mathrm{l}\mathrm{u}\mathrm{r}\mathrm{e}\mathrm{s}}_{\perp }\left(P\right)=\mathrm{f}\mathrm{a}\mathrm{i}\mathrm{l}\mathrm{u}\mathrm{r}\mathrm{e}\mathrm{s}\left(P\right)\cup \left\{\left(s,X\right)\mid s\in \mathrm{d}\mathrm{i}\mathrm{v}\mathrm{e}\mathrm{r}\mathrm{g}\mathrm{e}\mathrm{n}\mathrm{c}\mathrm{e}\mathrm{s}\left(P\right)\right\}}$.

Tools[edit]

Over the years, a number of tools for analyzing and understanding systems described using CSP have been produced. Early tool implementations used a variety of machine-readable syntaxes for CSP, making input files written for different tools incompatible. However, most CSP tools have now standardized on the machine-readable dialect of CSP devised by Bryan Scattergood, sometimes referred to as CSP_M.^[17] The CSP_M dialect of CSP possesses a formally defined operational semantics, which includes an embedded functional programming language.

The most well-known CSP tool is probably Failures/Divergence Refinement 2 (FDR2), which is a commercial product developed by Formal Systems (Europe) Ltd. FDR2 is often described as a model checker, but is technically a refinement checker, in that it converts two CSP process expressions into Labelled Transition Systems (LTSs), and then determines whether one of the processes is a refinement of the other within some specified semantic model (traces, failures, or failures/divergence).^[18] FDR2 applies various state-space compression algorithms to the process LTSs in order to reduce the size of the state-space that must be explored during a refinement check. FDR2 has been succeeded by FDR3, a completely re-written version incorporating amongst other things parallel execution and an integrated type checker. It is released by the University of Oxford, which also released FDR2 in the period 2008-12.^[19]

The Adelaide Refinement Checker (ARC)^[20] is a CSP refinement checker developed by the Formal Modelling and Verification Group at The University of Adelaide. ARC differs from FDR2 in that it internally represents CSP processes as Ordered Binary Decision Diagrams (OBDDs), which alleviates the state explosion problem of explicit LTS representations without requiring the use of state-space compression algorithms such as those used in FDR2.

The ProB project,^[21] which is hosted by the Institut für Informatik, Heinrich-Heine-Universität Düsseldorf, was originally created to support analysis of specifications constructed in the B method. However, it also includes support for analysis of CSP processes both through refinement checking, and LTL model-checking. ProB can also be used to verify properties of combined CSP and B specifications. A ProBE CSP Animator is integrated in FDR3.

The Process Analysis Toolkit (PAT)^[22][23] is a CSP analysis tool developed in the School of Computing at the National University of Singapore. PAT is able to perform refinement checking, LTL model-checking, and simulation of CSP and Timed CSP processes. The PAT process language extends CSP with support for mutable shared variables, asynchronous message passing, and a variety of fairness and quantitative time related process constructs such as deadline and waituntil. The underlying design principle of the PAT process language is to combine a high-level specification language with procedural programs (e.g. an event in PAT may be a sequential program or even an external C# library call) for greater expressiveness. Mutable shared variables and asynchronous channels provide a convenient syntactic sugar for well-known process modelling patterns used in standard CSP. The PAT syntax is similar, but not identical, to CSP_M.^[24] The principal differences between the PAT syntax and standard CSP_M are the use of semicolons to terminate process expressions, the inclusion of syntactic sugar for variables and assignments, and the use of slightly different syntax for internal choice and parallel composition.

VisualNets^[25] produces animated visualisations of CSP systems from specifications, and supports timed CSP.

CSPsim^[26] is a lazy simulator. It does not model check CSP, but is useful for exploring very large (potentially infinite) systems. Bollywood full hd movies download windows 7.

SyncStitch is a CSP refinement checker with interactive modeling and analyzing environment. It has a graphical state-transition diagram editor. The user can model the behavior of processes as not only CSP expressions but also state-transition diagrams. The result of checking are also reported graphically as computation-trees and can be analyzed interactively with peripheral inspecting tools. In addition to refinement checks, It can perform deadlock check and livelock check.

Related formalisms[edit]

Several other specification languages and formalisms have been derived from, or inspired by, the classic untimed CSP, including:

• Timed CSP^{[permanent dead link]}, which incorporates timing information for reasoning about real-time systems
• Receptive Process Theory, a specialization of CSP that assumes an asynchronous (i.e. nonblocking) send operation
• TCOZ, an integration of Timed CSP and Object Z
• Circus, an integration of CSP and Z based on the Unifying Theories of Programming
• CML (COMPASS Modelling Language), a combination of Circus and VDM developed for the modelling of Systems of Systems (SoS)
• CspCASL, an extension of CASL that integrates CSP
• LOTOS, an international standard^[27] that incorporates features of CSP and CCS.
• PALPS, a probabilistic extension with locations for ecological models developed by Anna Philippou and Mauricio toro bermúdez ^[es]

Comparison with the actor model[edit]

In as much as it is concerned with concurrent processes that exchange messages, the Actor model is broadly similar to CSP. However, the two models make some fundamentally different choices with regard to the primitives they provide:

• CSP processes are anonymous, while actors have identities.
• CSP uses explicit channels for message passing, whereas actor systems transmit messages to named destination actors. These approaches may be considered duals of each other, in the sense that processes receiving through a single channel effectively have an identity corresponding to that channel, while the name-based coupling between actors may be broken by constructing actors that behave as channels.
• CSP message-passing fundamentally involves a rendezvous between the processes involved in sending and receiving the message, i.e. the sender cannot transmit a message until the receiver is ready to accept it. In contrast, message-passing in actor systems is fundamentally asynchronous, i.e. message transmission and reception do not have to happen at the same time, and senders may transmit messages before receivers are ready to accept them. These approaches may also be considered duals of each other, in the sense that rendezvous-based systems can be used to construct buffered communications that behave as asynchronous messaging systems, while asynchronous systems can be used to construct rendezvous-style communications by using a message/acknowledgement protocol to synchronize senders and receivers.

See also[edit]

• Trace theory, the general theory of traces.
• Trace monoid and history monoid
• VerilogCSP is a set of macros added to Verilog HDL to support communicating sequential processes channel communications.
• Joyce is a programming language based on the principles of CSP, developed by Brinch Hansen around 1989.
• SuperPascal is a programming language also developed by Brinch Hansen, influenced by CSP and his earlier work with Joyce.
• Ada implements features of CSP such as the rendezvous.
• DirectShow is the video framework inside DirectX, it uses the CSP concepts to implement the audio and video filters.
• OpenComRTOS is a formally developed network-centric distributed RTOS based on a pragmatic superset of CSP.

References[edit]

1. ^ ^abcdRoscoe, A. W. (1997). The Theory and Practice of Concurrency. Prentice Hall. ISBN978-0-13-674409-2.
2. ^INMOS (1995-05-12). occam 2.1 Reference Manual(PDF). SGS-THOMSON Microelectronics Ltd., INMOS document 72 occ 45 03
3. ^'Resources about threaded programming in the Bell Labs CSP style'. Retrieved 2010-04-15.
4. ^'Language Design FAQ: Why build concurrency on the ideas of CSP?'.
5. ^'Clojure core.async Channels'.
6. ^ ^abHoare, C. A. R. (1978). 'Communicating sequential processes'. Communications of the ACM. 21 (8): 666–677. doi:10.1145/359576.359585.
7. ^Abdallah, Ali E.; Jones, Cliff B.; Sanders, Jeff W. (2005). Communicating Sequential Processes: The First 25 Years. LNCS. 3525. Springer. ISBN9783540258131.
8. ^ ^abBarrett, G. (1995). 'Model checking in practice: The T9000 Virtual Channel Processor'. IEEE Transactions on Software Engineering. 21 (2): 69–78. doi:10.1109/32.345823.
9. ^ ^abHall, A; Chapman, R. (2002). 'Correctness by construction: Developing a commercial secure system'(PDF). IEEE Software. 19 (1): 18–25. CiteSeerX10.1.1.16.1811. doi:10.1109/52.976937.
10. ^Creese, S. (2001). 'Data Independent Induction: CSP Model Checking of Arbitrary Sized Networks'. D. Phil. Oxford University.
11. ^ ^abHoare, C. A. R. (1985). Communicating Sequential Processes. Prentice Hall. ISBN978-0-13-153289-2.
12. ^Clinger, William (June 1981). 'Foundations of Actor Semantics'. Mathematics Doctoral Dissertation. MIT. hdl:1721.1/6935.
13. ^Brookes, Stephen; Hoare, C. A. R.; Roscoe, A. W. (1984). 'A Theory of Communicating Sequential Processes'. Journal of the ACM. 31 (3): 560–599. doi:10.1145/828.833.
14. ^Buth, B.; M. Kouvaras; J. Peleska; H. Shi (December 1997). 'Deadlock analysis for a fault-tolerant system'. Proceedings of the 6th International Conference on Algebraic Methodology and Software Technology (AMAST’97). pp. 60–75.
15. ^Buth, B.; J. Peleska; H. Shi (January 1999). 'Combining methods for the livelock analysis of a fault-tolerant system'. Proceedings of the 7th International Conference on Algebraic Methodology and Software Technology (AMAST’98). pp. 124–139.
16. ^Lowe, G. (1996). 'Breaking and fixing the Needham-Schroeder public-key protocol using FDR'. Tools and Algorithms for the Construction and Analysis of Systems (TACAS). Springer-Verlag. pp. 147–166.
17. ^Scattergood, J.B. (1998). 'The Semantics and Implementation of Machine-Readable CSP'. D.Phil. Oxford University Computing Laboratory.
18. ^A.W. Roscoe (1994). 'Model-checking CSP'. In A Classical Mind: essays in Honour of C.A.R. Hoare. Prentice Hall.
19. ^'Introduction — FDR 4.2.4 documentation'. www.cs.ox.ac.uk.
20. ^Parashkevov, Atanas N.; Yantchev, Jay (1996). 'ARC – a tool for efficient refinement and equivalence checking for CSP'. IEEE Int. Conf. on Algorithms and Architectures for Parallel Processing ICA3PP '96. pp. 68–75. CiteSeerX10.1.1.45.3212.
21. ^Leuschel, Michael; Fontaine, Marc (2008). 'Probing the Depths of CSP-M: A new FDR-compliant Validation Tool'(PDF). ICFEM 2008. Springer-Verlag. Archived from the original(PDF) on 2011-07-19. Retrieved 2008-11-26.
22. ^Sun, Jun; Liu, Yang; Dong, Jin Song (2009). 'PAT: Towards Flexible Verification under Fairness'(PDF). Proceedings of the 20th International Conference on Computer-Aided Verification (CAV 2009). Lecture Notes in Computer Science. 5643. Springer. Archived from the original(PDF) on 2011-06-11. Retrieved 2009-06-16.
23. ^Sun, Jun; Liu, Yang; Dong, Jin Song (2008). 'Model Checking CSP Revisited: Introducing a Process Analysis Toolkit'(PDF). Proceedings of the Third International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2008). Communications in Computer and Information Science. 17. Springer. pp. 307–322. Archived from the original(PDF) on 2009-01-08. Retrieved 2009-01-15.
24. ^Sun, Jun; Liu, Yang; Dong, Jin Song; Chen, Chunqing (2009). 'Integrating Specifications and Programs for System Specification and Verification'(PDF). IEEE Int. Conf. on Theoretical Aspects of Software Engineering TASE '09. Archived from the original(PDF) on 2011-06-11. Retrieved 2009-04-13.
25. ^Green, Mark; Abdallah, Ali (2002). 'Performance Analysis and Behaviour Tuning for Optimisation of Communicating Systems'(PDF). Communicating Process Architectures 2002.
26. ^Brooke, Phillip; Paige, Richard (2007). 'Lazy Exploration and Checking of CSP Models with CSPsim'. Communicating Process Architectures 2007.
27. ^ISO 8807, Language of Temporal Ordering Specification

Further reading[edit]

• Hoare, C. A. R. (2004) [1985]. Communicating Sequential Processes. Prentice Hall International. ISBN978-0-13-153271-7.
  • This book has been updated by Jim Davies at the Oxford University Computing Laboratory and the new edition is available for download as a PDF file at the Using CSP website.
• Roscoe, A. W. (1997). The Theory and Practice of Concurrency. Prentice Hall. ISBN978-0-13-674409-2.
  • Some links relating to this book are available here. The full text is available for download as a PS or PDF file from Bill Roscoe's list of academic publications.

External links[edit]

• A PDF version of Hoare's CSP book – Copyright restriction apply, see the page text before downloading.
• WoTUG, a User Group for CSP and occam style systems, contains some information about CSP and useful links.